Great Circle Associates Firewalls
(April 1997)
 


Subject: Re[10]: L0pht Scanning - Beware
From: rob . holman @ ganda . demon . co . uk
Date: Wed, 30 Apr 1997 8:34:38 +0000
To: DarrenReed <avalon @ coombs . anu . edu . au>
Cc: FirewallsMailingList <Firewalls @ greatcircle . com>

     

Hello all

Some mail from Darren Reed on the 29/04/96 said:

    
> You still appear to be missing the point; There are only so many tests
> that "authorised" specialists can run, be they tried & trusted or
> otherwise.  The point I'm making, is that the only way a system's
> security can truly be assessed, is by letting it loose on the internet,
> where there are an infinite number of "tests" available!

D>This point has been discussed many times in reference to "break in" 
D>competitions.  It has generally been agreed upon that all you ever prove is 
D>that you can keep out those who attempt to break in, not that you can keep 
D>everyone out or that you're immune to every attack.

I agree.

D>Whilst an infinite number of tests _might_ be available, only a finite number 
D>can be carried out and if you're knowledgeable enough about what it is that is 
D>being "tested", you should be able to replicate or deal with a good % of those
D>tests.

This is fine, but the world of crackers is constantly evolving, and becoming 
more sophisticated with each new "challenge".

[...]
> I agree that it's unfortunate that the crackers have to be "unauthorised".

D>Ahem!

D>The only other option is to decriminalise what they do.  Back in the early 
D>days of the Internet, they weren't doing anything illegal when they played 
D>their games from the Netherlands (I'm sure you've read the Berferd story, and 
D>others).

Whether it's legal or not doesn't matter a smudge - if they wanna do it,
they're gonna do it.  No matter how much legislation is put in place, people 
will always do stuff for kicks.

D>I think it is quite fortunate for us that (using this example) the government 
D>in the Netherlands eventually moved to put in place laws which allowed those 
D>pranksters to be arrested.

You mean there aren't any "pranksters" left in the Netherlands?

> I'm not condoning hacking in any way - I'm merely suggesting that in their own
> way, they are providing a service to US, by exposing the weaknesses in our
> security systems. I never suggested that crackers were scrupulous.....

D>Well, I prefer the "information" only service, without the breakins or 
D>attempted breakins, wouldn't you ?

Yes, but then I'm a realist, and appreciate this isn't possible.
     
     D>Darren
     
     Rgrds      Rob "gimme a beer" Holman
