Firewalls: Re: Attack, Attack, Attack

Firewalls
(August 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Attack, Attack, Attack
From:	Brent @ GreatCircle . COM (Brent Chapman)
Date:	Fri, 11 Aug 1995 09:58:30 -0800
To:	se @ adv . sbc . sony . co . jp (Steve England), firewalls @ greatcircle . com

At 11:48 AM 8/11/95, Steve England wrote:

>How do the rest of us get to know these ? Whilst i'm not (quite) asking for
>"how do i break into site X" i believe there is a lot that can be shared
>by the above said people to aid us *newer* people - can we share this
>kind of info within this list (Brent ?) otherwise arent all we are doing
>is practising another form of security through obscurity ? ie. the few that
>know versus the most that dont ?

>From the "Policies" section of the "Welcome to the Firewalls mailing list"
document (to get a copy of the current document, send the command "info
firewalls" in the body of a message to "Majordomo @
 GreatCircle .
 COM"):

        Code for cracking programs (programs designed to help break into
        another system) should not be posted to the Firewalls mailing list.

So, if folks want to talk about _how_ to break in to systems, that's fine;
as long as nobody posts code.  Now, we could argue over exactly what I mean
by "code", but I'd rather not.  Use some judgement; if I (or others)
disagree with your judgement, believe me, you'll hear about it!  :-)

One thing to keep in mind regarding this discussion: it's been my
experience that the folks who are good at securing systems usually are NOT
that good at breaking into them, and vice versa.  The two activities
require significantly different attitudes and skills in order to be
successful.  Sure, expert defenders can sometimes use their knowledge of a
particular bug or problem to figure out how to exploit that particular bug
or problem; they're usually not that good at discovering new bugs or
problems, though.  And sure, expert attackers can sometimes use their
knowledge of a particular bug or problem to figure out how to fix that
particular bug or problem; they're usually not very good at generating
architectural fixes to address whole classes of problems, though.

"Think like a cracker" is an interesting exercise, but it's just that: an
exercise.

-Brent

--
Brent Chapman         | Great Circle Associates  | For Firewalls Tutorial info:
Brent @
 GreatCircle .
 COM | 1057 West Dana Street    | Tutorial-Info @
 GreatCircle .
 COM
+1 415 962 0841       | Mountain View, CA  94041 | http://www.greatcircle.com

Indexed By Date	Previous:	Re: Multilevel Security is good for firewalls From: mdr @ vodka . sse . att . com
Indexed By Date	Next:	Re: Encrypted data across national boundaries??? From: Ted Doty <ted @ kgbvax . network . com>
Indexed By Thread	Previous:	Attack, Attack, Attack From: se @ adv . sbc . sony . co . jp (Steve England)
Indexed By Thread	Next:	Internet (A) From: Sander Wels <SWELS @ inetgate . capvolmac . nl>