Dr. Frederick B. Cohen wrote:
>
> The real question is whether the good guys will get the release before
> the bad guys and how you tell them apart.
>
> If I had SATAN, you could do tests with it today without having the
> source available to attackers. Would Dan or someone else provide this
> servicxe to those of us who would liket to test ourselves so that before
> the world is able to launch, we can verify our own protection?
how would you be able to tell 'good sysadmin' from 'bad hacker'?
why should anyone trust you?
why should anyone trust any results from a tool they
don't have the source to?
please don't take this as a personal attack, it's not. i'm sure
you mean well. you just haven't thought it through.
it has to be (relatively) freely available as source, or not at all.
BTW, SATAN's authors have stated repeatedly that SATAN will not
contain any new cracks, nor will it contain exploit code.
(see the 'what SATAN is' post by Wietse Venema, available at
many fine security newsfroups).
The print media hype would have it be, well, the coming of Satan.
It's not. it won't be anything that any competent security
administrator hasn't already been aware of.
don't beleve the hype.
--
ericm ericm @
microunity .
com
Follow-Ups:
-
Re: SATAN
From: fillmore @
emr .
ca (Bob Fillmore 992-2832)
References:
-
SATAN
From: fc @
all .
net (Dr. Frederick B. Cohen)
|
|
