[Full-Disclosure] Security Industry Under Scrutiny: Part Two

From: Ka (ka@khidr.net)
Date: 11/18/02


From: ka@khidr.net (Ka)
Date: Mon, 18 Nov 2002 16:12:46 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First of all a personal remark:
Ka doesn't love you, and thinks you can do quite well
without his love anyway .o)

But: Sockz and list, my respect.

Have you observed that the more similar some
groups of people are, the more eager they are to fight each
other? Like Iran and Iraq - like Christians and Moslems -
like Black-Hats and White-Hats. Family fights.

Basically what is actually done by Black-Hats and White-Hats
is the same thing: find holes and patch them (or is it not
among the first things after a server is owned that the
known software holes of the server are patched?).

The only difference lies in the individual attitude,
and even that may very well differ from instance to instance.
But it is my opinion that individuality cannot be governed
by ethics finally.

When the situation develops into a war between individual
freedom against organized (governmental or criminal) "order"
we will need each other - regardless of the color of our
hats (if any).

> Why would the government want to create fear?
> Because catastrophes are good for the economy.

And good for the self-image of the president and the citizens.
What else does some president have, if you take that label away?
What else do those who spell Citizen with a capital 'C' have,
when you take that away? Then suddenly one is just as human
as his enemy.

> What we DO need is to redesign the current system to remove
> vulnerability information from the eye of the general public...

This is not possible. Just one single person, just some intentional
or unintentional misuses of the information breaks the whole system.

The alternative is to have more responseable individuals
and more secure systems. For both as much information-exchange
as possible is needed - not only technical information btw.,
but these individual opinions as well (which are often called
"off topic", but which are part of the necessary 'handicraft'
or 'brotherly' exchange IMO). Including verbal fights now and
then, including playing jokes with fake emails, including even
some stupid remarks of this old baldhead me, why not?

No system can function responseably if there are no response-able
individuals.

Worms or Script-Kiddies are just part of the background sounds
of the internet jungle, they serve their purpose. No need to
"fight" them, just protecting against them is sufficient.
Real threats come from bigger animals, come from bigger organizations.
No man should tell another man what to do, but I think we
would be all better off with an internet which is not too much
regulated by law or tied up by big "systems".

Greetings
Ka
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE92QNu72vu22ltWBERApEqAJ0dfivLaS/8tHq51wqvJqXBdlWtqQCfcKvY
KOEpH0a2cJAEdFLtwp1/PhA=
=yNB0
-----END PGP SIGNATURE-----