RE: [fw-wiz] Re: Ethics, morality and the industry

From: David Lang (david.lang_at_digitalinsight.com)
Date: 11/08/04

  • Next message: Steffen Kluge: "RE: [fw-wiz] Re: Ethics, morality and the industry"
    To: Bill Royds <broyds@rogers.com>
    Date: Sun, 7 Nov 2004 20:55:58 -0800 (PST)
    
    

    the flip side of this is that when you describe a particular vulnerability
    you get a bunch of people who say 'show me' and if you can't hack a system
    yourself they act like you can't possibly understand the vulnerability.

    you don't have to be a proficient cracker to be a good security person
    defending systems.

    David Lang

      On Fri, 5 Nov 2004, Bill Royds wrote:

    > Date: Fri, 5 Nov 2004 22:45:56 -0500
    > From: Bill Royds <broyds@rogers.com>
    > To: 'Firewall Wizards Mailing List' <firewall-wizards@honor.icsalabs.com>
    > Subject: RE: [fw-wiz] Re: Ethics, morality and the industry
    >
    > One of the problems that giving such publicity to so many criminal "ex-hackers"
    > is that it makes it much more difficult for honest security practitioners to do
    > our job. I have never hacked into anything other than under the watchful eye of
    > the system owner observing the possible flaws in his/her system while I
    > explained what a buffer overflow is, why default configurations are unsafe etc.
    > But the very fact that I had this ability made me suspect in some people's eyes.
    > Their attitude becomes "You know how computer systems work so you must have
    > learned that by criminal hacking like all those hackers in the news". This is
    > despite a university degree in computer science and 30 years worth of experience
    > in computers. The presence of convicted criminals in the "computer security"
    > field means all members of that field are labelled "hackers" in the pejorative
    > sense, making it much harder to do our job.
    >
    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Christopher
    > Hicks
    > Sent: Tuesday, November 02, 2004 2:21 PM
    > To: Firewall Wizards Mailing List; Adam Shostack
    > Cc: Stephen P. Berry; Paul Foster; Marcus J. Ranum; Paul D. Robertson
    > Subject: Re: [fw-wiz] Re: Ethics, morality and the industry
    >
    > On Tue, 2 Nov 2004, Adam Shostack wrote:
    >> On Mon, Nov 01, 2004 at 08:32:16PM -0800, Stephen P. Berry wrote:
    >> | >My self-deception is that a refresher is always good, especially as I
    >> | >find us practitioners sometimes fall into patterns of thinking.
    >> |
    >> | A quick grep through this thread indicates that Mitnick has been mentioned
    >> | about two dozen times and Shimomura and Markoff have been mentioned exactly
    >> | zero times. Discuss.
    >>
    >> So how many times has Abagnale been mentioned? Any correlation with
    >> the pro- or anti- boycotters to correctly name the speaker in
    >> question?
    >
    > Somebody should get on the stick and put up a survey. I'd love to see
    > what the silent and/or moderated-out majority feel about this sort of
    > thing.
    >
    > This has been one of the more stimulating and thought provoking
    > discussions on any mailing list I've been on recently. Thanks to
    > everybody for keeping it interesting and mostly above the belt.
    >
    > Kudos Paul (and or substitute moderators) for keeping it from getting out
    > of hand.
    >
    > --
    > </chris>
    >
    > There are two ways of constructing a software design. One way is to make
    > it so simple that there are obviously no deficiencies. And the other way
    > is to make it so complicated that there are no obvious deficiencies.
    > -- C.A.R. Hoare
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >

    -- 
    There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
      -- C.A.R. Hoare
    
