lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200602161645.25665.maxashton@eml.cc>
Date: Thu, 16 Feb 2006 16:45:21 +0000
From: Max Ashton <maxashton@....cc>
To: bugtraq@...urityfocus.com
Subject: Re: Vulnerabilites in new laws on computer hacking

Here here, Paul.

Worried your test network isn't "real" enough? Make it better! Throw in IDS, 
patch management, whatever. 

As Paul suggested, get your buddies involved. I've seen workshops where people 
are designated "attacker" and "defender", objectives are obvious.

If kids / pro's aren't smart enough to realise the benefits of this kind of 
exercise, they really have no business being in our trade.

I'm with Paul. I don't care *who* you are or how ethical you *think* you are, 
it's not ethical to break into someone else's computer system without 
authorization for whatever reason, and you should be prosecuted for it.

There are ample tools out there to setup a test network ranging from FOSS 
tools like QEMU and commercial stuff like VMWare etc. 

There's no excuse.

Max
> Oh, well that gives me great comfort.  Never mind that I can be prosecuted
> for the breakin because I've violated a law such as GLB, HIPAA, etc. by
> "allowing" a breakin.  I'm glad your friends are so "ethical".  If you only
> think about what's in it for you, you'll always be slanted toward violating
> the law.  Try thinking about the poor victim whose systems you're breaking
> in to.  Put yourself in their shoes and ask yourself, how would I feel if I
> discovered that someone had entered my systems without my knowledge?  Or
> bettter yet, how about if I reach in your pocket and take the keys to your
> car, take it out for a spin, then return it?  Are you OK with that?  No
> hard feelings?
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ