From: Ryan Gill (rmgill@mindspring.com)
Date: Sun Jun 29 2003 - 21:10:23 PDT
At 10:42 PM -0400 6/29/03, Steve Grammont wrote:
>That is something you and I see eye to eye on. It is a security product
>and the end user should have a reasonable right to ensure that it is
>working as advertised PROVIDED it was purchased legally and the one being
>tested is the same one. This is like disassembling a carburetor on your
>own car which you suspect is malfunctioning. Not the same as someone
>playing around with parts on my car when they aren't invited to do so.
The thing is, I'm a get the job done type person that works for a
major corporation. I'd much rather get word on the sly at a 2600
meeting that our wireless network is easily hacked from across the
street in Centenial park rather than through an evasive and cryptic
e-mail sent to everyone that our network access is getting changed
that day due to a 'security incident'.
That's one of the reasons I find the 2600 crowd on the local level
more than useful. I'd rather that a local hot shot with better math
than most of the graduating class at Ga Tech tells us of holes than
some group of Red Book waving PRC script kiddies take the CNN site
down. I'm just a data center guy, but I see the bigger picture.
>And because too many hackers like to take joy rides in other people's
>servers, do distructive things, and generally be criminal you get an
>overreaching law. Just like we MVers are always at risk of seeing when
>someone with an MV does something illegal/asinine.
The problem is that there are hackers and there are Hackers. The
latter type are the ones that figure out there is a serious security
flaw in say the latest build of sendmail and report it far and wide.
Those same people are the ones that show that a wireless network with
a secure ID fob are still seriously vulnerable if you're really smart
and have the math and coding knowledge to exploit the holes.
Some times the Hackers take some liberties. Generally the smart ones
have a leave no trace kind of ethic. Generally they're quite benign
to the average sys admin and rather beneficial. They do tend to
embarrass some folks, especially senior admins or corporate types.
Now, the low grade 'hacker' that uses scripts to exploit something
that everyone know's is a problem, with personal gains as the goal,
well, then that's more of a problem than a benefit (by far). However
does it mean that a 17 year old script kiddie needs to be treated
like a violent felon, denied constitutional rights, treated like a
terrorist and handled like he's some magical genus that could hack
the pentagon's super secure mil-net computers with a telephone and a
calculator...I think not.
Frankly, I'd rather see the spammers given a bit more of the
attention the Feds are only too happy to point at kids with nothing
more than a few hundred dollars to their names.
-- -- Ryan Gill rmgill@SPAMmindspring.com ---------------------------------------------------------- I speak not for CNN, nor they for me. But I do work there and still like the company. ---------------------------------------------------------- | | | -==---- | O--=- | | /_8[*]°_\ |_/|o|_\_| | _________ | /_[===]_\ / 00DA61 \ |/---------\| __/ \--- _w/|=_[__]_= \w_ // [_] o[]\\ _oO_\ /_O|_ |: O(4) == O :| _Oo\=======/_O_ |____\ /____| |---\________/---| [__O_______W__] |x||_\ /_||x| |s|\ /|s| |s|/BSV 575\|s| |x|-\| |/-|x| |s|=\______/=|s| |s|=|_____|=|s| |x|--|_____|--|x| |s| |s| |s| |s| |x| |x| '60 Daimler Ferret '42 Daimler Dingo '42 Humber MkIV (1/2) ----------------------------------------------------------
This archive was generated by hypermail 2.1.4 : Sat May 07 2005 - 20:21:47 PDT