Secure Coding mailing list archives
[WEB SECURITY] RE: How to stop hackers at the root cause
From: arian.evans at anachronic.com (Arian J. Evans)
Date: Tue, 13 Apr 2010 15:21:26 -0700
Keyboard Cowboy, Education is always a good thing. I think kids should have the opportunity to learn both sides of software security. Great suggestion. Kids, by nature, are drawn to things that are taboo and demonized. Which hacking no doubt falls into, and according to Daniel, also Angelina Jolie. We can find great analogies to the "hacker kids problem" in recent studies done on teenage behaviors: The Bible Belt, particularly evangelicals in the south, have the highest rates of teen sex and pregnancy in the US. Telling kids to "abstain" clearly doesn't work as well as teaching them how things work, and in particular careful education surrounding the use of safety devices. To the exact point you made in your blog. We see the exact same statistics surrounding firearm safety and education (in the US, again). Children (and adults) exposed to firearm safety and education rarely fall into firearm-accident statistics. Studies indicate that it is the kids we hide things from, that want to pull the trigger to see what happens when they discover the [taboo]. In locations where children have open and honest instruction, and are provided with viable outlets for their firearms (say, condoms) we find discharge accident rates to be lower per-capita. Again - the same point your blog post was making. --- The Bad Peoples: None of this does anything to solve the "Bad People" hacking problem. That solution requires Guns or Religion, which is far off topic for this list. As Daniel pointed out - there's also a huge problem in webappsec with *poor people*. So, I think Daniel has some ideas for dealing with them too, but I, the reader, am not sure I understand what he is suggesting. When he comes back through the door maybe we'll learn more. Definitely an exciting subject! --- Arian Evans Solipsistic Software Security Sophist On Tue, Apr 13, 2010 at 6:33 AM, Daniel Herrera <daherrera101 at yahoo.com>wrote:
DARE didn't stop youth drug use, Sex Ed didn't stop teen pregnancy rates, Why would your program stop/reduce script kiddies... j/k In all seriousness I think your perspective on the cost/benefit is really skewed on this one. Attacks against US assets are a method of revenue generation in several impoverished areas around the world. Places where the infrastructure would have very little means to even begin implementing a program like you described without serious financial aid. And once such a system was put in place the financial drive would still push people to participate in this behavior to feed their families, pay their rent, etc. In the end I would try to think about the drivers behind malicious behavior a lot more closely. Sure there are examples were "hacking" has been romanticized in the past within our society but not enough for some kid to watch the movie "HACKERS" and then decide to go after his grandmothers credit card because then he would get to date Angelina Jolie. (well other than me) I wrote this on my way out the door so my point is in there some where but probably should go through some back and forth to get cleared up let me know if you, the reader, disagrees. Regards, Daniel --- On *Mon, 4/12/10, Matt Parsons <mparsons1980 at gmail.com>* wrote: From: Matt Parsons <mparsons1980 at gmail.com> Subject: [WEB SECURITY] RE: How to stop hackers at the root cause To: "'Matt Parsons'" <mparsons1980 at gmail.com>, SC-L at securecoding.org Cc: OWASPDallas at utdallas.edu, "'Webappsec Group'" < websecurity at webappsec.org>, webappsec at securityfocus.com Date: Monday, April 12, 2010, 9:51 PM I have published a blog post on how I think we could potentially stop hackers in the next generation. Please let me know what you think of it or if it has been done before. http://parsonsisconsulting.blogspot.com/ Matt Parsons, MSM, CISSP 315-559-3588 Blackberry 817-294-3789 Home office "Do Good and Fear No Man" Fort Worth, Texas A.K.A The Keyboard Cowboy mailto:mparsons1980 at gmail.com<http://mc/compose?to=mparsons1980 at gmail.com> http://www.parsonsisconsulting.com http://www.o2-ounceopen.com/o2-power-users/ http://www.linkedin.com/in/parsonsconsulting http://parsonsisconsulting.blogspot.com/ http://www.vimeo.com/8939668 [image: 0_0_0_0_250_281_csupload_6117291] [image: untitled]
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://krvw.com/pipermail/sc-l/attachments/20100413/8ee9a36c/attachment.htm>
Current thread:
- How to stop hackers at the root cause Matt Parsons (Apr 12)
- Message not available
- [WEB SECURITY] RE: How to stop hackers at the root cause Arian J. Evans (Apr 13)
- Message not available
- [WEB SECURITY] Re: [owaspdallas] Re: [WEB SECURITY] RE: How to stop hackers at the root cause Arian J. Evans (Apr 14)
- [WEB SECURITY] RE: How to stop hackers at the root cause Arian J. Evans (Apr 13)
- Message not available
- Message not available
- Message not available
- [WEB SECURITY] RE: How to stop hackers at the root cause Jeremiah Heller (Apr 13)
- [WEB SECURITY] RE: How to stop hackers at the root cause Rob Floodeen (Apr 14)
- [WEB SECURITY] RE: How to stop hackers at the root cause Wall, Kevin (Apr 14)
- [WEB SECURITY] RE: How to stop hackers at the root cause Jeremiah Heller (Apr 14)
- Message not available