Some mail from Darren Reed on the 29/04/96 said:
> You still appear to be missing the point; There are only so many tests >
> that "authorised" specialists can run, be they tried & trusted or
> otherwise. The point I'm making, is that the only way a system's
> security can truly be asessed, is by letting it loose on the internet, >
where there are an infinite number of "tests" available!
D>This point has been discussed many times in reference to "break in"
D>competitions. It has generally been agreed upon that all you ever prove is
D>that you can keep out those who attempt to break in, not that you can keep
D>everyone out or that you're immune to every attack.
D>Whilst an infinite number of tests _might_ be available, only a finite number
D>can be carried out and if you're knowledgable enough about what it is that is
D>being "tested", you should be able to replicate or deal with a good % of those
This is fine, but the world of crackers is constantly evolving, and becoming
more sophisticated with each new "challenge".
> I agree that it's unfortunate that the crackers have to be "unauthorised".
D>The only other option is to decriminalise what they do. Back in the early
D>days of the Internet, they weren't doing anything illegal when they played
D>their games from the Netherlands (I'm sure you've read the Berferd story, and
Whether it's legal or not doesn't matter a smudge - if they wanna do it,
they're gonna do it. No matter how much legislation is put in place, people
will always do stuff for kicks.
D>I think it is quite fortunate for us that (using this example) the government
D>in the Netherlands eventually moved to put in place laws which allowed those
D>pranksters to be arrested.
You mean there aren't any "pranksters" left in the Netherlands?
>I'm not condoning hacking in any way - I'm merely suggesting that in their >
>way, they are providing a service to US, by exposing the weaknesses in our >
>security systems. I never suggested that crackers were scrupulous.....
D>Well, I prefer the "information" only service, without the breakins or
D>attempted breakins, wouldn't you ?
Yes, but then I'm a realist, and appreciate this isn't possible.
Rgrds Rob "gimme a beer" Holman