Firewall Wizards mailing list archives
Re: Extreme Hacking
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 5 Jul 1999 18:35:55 -0700
I have to remain a little sceptical on this point. What I think they mean is that they invented a few tricks of their own, which they aren't planning on publishing -- they'll leak out pretty quickly, once the class has run a couple times. I find it hard to imagine that teaching something in a class is a good way to keep it a secret.
Agreed.
A number of "reputable" security companies develop their own hacking techniques. I'm not sure what the justification is -- other than that it just comes naturally, since they tend to hire "ex-"hackers. It'd be unrealistic to expect those guys to stop thinking in terms of how systems are broken into, and to shift their thought-patterns into thinking about how to keep systems secure.
Don't we all keep a few such "database" items? In our heads, if nowhere else?
Am I the only person who has a problem with the idea of someone teaching hacking techniques? Sometimes I think I am.
Unfortunately, probably not. This has a certain hypocritical ring to it.. Are you claiming that you've never taught anyone technique? Is it really possible to build an IDS product without such knowledge? I'll stop short of accusing you of breaking in to anyone else's systems without permission... but I'm sure you must have at least broken into your own. Seems I remember some paper about going into unauthorized places... says to play dumb or some such. Anyway, look it up, it offers some useful techniques. If one believes as I do, that we can only create secure systems by having people who know how to break insecure ones, then it makes sense to teach technique. We need more eyeballs. If not, then not.
Hacking isn't a technological problem, it's a social problem. As such, it's not going to be "solved" by technological means, but rather by social means.
Defending against hacking may be more social than technical.. But how to perform a hack is largely technique and methodical process. That can be taught like any other techno, no problem.
I'm pretty sure that the best way to reduce the amount of hacking is _not_ to glorify it, charge people money to learn it, and hire people as consultants for lots of money because they have hacking backgrounds. The only way I can think of to make hacking unattractive is to make it really really expensive when you get caught.
I would have hoped that YOU would not fall prey to the trap of confusing the terms "hacker" and "criminal". Ryan
Current thread:
- Re: Extreme Hacking, (continued)
- Re: Extreme Hacking Joseph S D Yao (Jul 12)
- Re: Extreme Hacking Craig H. Rowland (Jul 12)
- Re: Extreme Hacking Stephen P. Berry (Jul 08)
- Message not available
- Re: Extreme Hacking Vanja Hrustic (Jul 09)
- Re: Extreme Hacking Bennett Todd (Jul 12)
- Re: Extreme Hacking Marcus J. Ranum (Jul 12)
- Re: Extreme Hacking Jody C. Patilla (Jul 07)
- Re: Extreme Hacking Rafi Sadowsky (Jul 09)
- Re: Extreme Hacking Darren Reed (Jul 12)
- Re: Extreme Hacking Darren Reed (Jul 08)
- Re: Extreme Hacking Brad J Passwaters (Jul 12)
- Re: Extreme Hacking Darren Reed (Jul 12)
- Re: Extreme Hacking Brad J Passwaters (Jul 12)
- Re: Extreme Hacking Bennett Todd (Jul 13)