Re: [Lit.] Buffer overruns

From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 02/06/05


Date: Sun, 06 Feb 2005 22:07:35 GMT

On Sun, 06 Feb 05 11:58:55 GMT, jmfbahciv@aol.com wrote:

>In article <77-dnbMdLcngz5jfRVn-hw@comcast.com>,
> Larry Elmore <ljelmore_@comcast.net> wrote:
>>jmfbahciv@aol.com wrote:
>>> In article <1935.895T1020T4964405@kltpzyxm.invalid>,
>>> "Charlie Gibbs" <cgibbs@kltpzyxm.invalid> wrote:
>>>>
>>>>I wouldn't necessarily count crackers as incompetent.
>>>
>>>
>>> I always have. People whose ultimate goal is work
>>> prevention are incompetent because they don't help
>>> make things work.
>>
>>I wouldn't use 'incompetent', either. 'Miscompetent' might be more
>>accurate.
>
>Could be. If I used that word, I'd have to maintain three linked
>lists. I prefer keeping two: can-dos and can't-dos.

**** Begin Soapbox mode

In that case you should probably move the crackers to the
can-do list. They can and do help make things work by
finding problems and demonstrating them. I won't get into
the whole black-hat/white-hat debate. We should all know
there are good guys and bad guys out there looking for
security holes. Certain programming shops (really big ones)
don't fix problems until there is an active attack against that
problem.

The latest example is the automotive key fiasco. They
knew better than to use a 40-bit key. We should all
hope that the white-hats are better than the black-hats but
unfortunately there are some really talented black-hats.

The DMCA is another example of hiding a collective head
in the sand. Instead of fixing our problems let's just make it
illegal for the bad guys to do already illegal stuff. Then when
people find "holes" in our systems we can sue them to keep
them quiet. Do I need to say DeCSS?

**** End Soapbox mode

>
>/BAH
>
>Subtract a hundred and four for e-mail.

Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail