Hi
Some mail from Darren Reed said:
>You never can be certain. You can only ever be certain that your
>systems pass or fail whatever tests they are knowingly subjected to
>(this is one of the issues with Tiger Teams and what they can do for
>you).
You still appear to be missing the point; There are only so many tests
that "authorised" specialists can run, be they tried & trusted or
otherwise. The point I'm making, is that the only way a system's
security can truly be asessed, is by letting it loose on the internet,
where there are an infinite number of "tests" available!
>The issue is that crackers perform their operations without any authorisation.
>Maybe if the crackers passed on the information so gleaned to the people they'd
>targeted, the "victims" would thank the crackers. If I was passed
>on such information, I'd be reinstalling and starting over (you have no idea
>what else they've done).
I agree that it's unfortunate that the crackers have to be "unauthorised".
I'm not condoning hacking in any way - I'm merely suggesting that in their own
way, they are providing a service to US, by exposing the weaknesses in our
security systems. I never suggested that crackers were scrupulous.....
Rob "gimme a beer" Holman
______________________________ Reply Separator _________________________________
Subject: Re: Re[6]: L0pht Scanning - Beware
Author: PC:DarrenReed<avalon @
coombs .
anu .
edu .
au> at INTERNET
Date: 29/04/97 10:29
In some mail from rob .
holman @
ganda .
demon .
co .
uk, sie said:
>
> Again, I understand the concern for "rogues", but if we are to rely on
> our own ability to test, how can we be certain we are "safe"?
You never can be certain. You can only ever be certain that your systems
pass or fail whatever tests they are knowingly subjected to (this is one
of the issues with Tiger Teams and what they can do for you).
> If crackers didn't exist, then there wouldn't be a problem!?? Of
> course there would, as people would inevitably "stumble" upon
> classified data. So in my view, it's just as well there are "rogues"
> out there. A Porsche is no doubt very well tested - noone would
> dispute that, but how can you be certain how well it performs, until
> it's released in to the biiiggg baaaddd world?
You're mixing your metaphors here in confusing ways - and some which aren't
relevant.
The issue is that crackers perform their operations without any authorisation.
Maybe if the crackers passed on the information so gleaned to the people
they'd targeted, the "victims" would thank the crackers. If I was passed
on such information, I'd be reinstalling and starting over (you have no
idea what else they've done).
Darren
Follow-Ups:
|
|
