Message-ID: <3D5E310A.979A2510@bank-connect.com>
From: peter at bank-connect.com (Peter van den Heuvel)
Subject: Yes?

Personally I find the last weeks quite stimulating, educational and even entertaining. Although things tend to get meaningless where factions communicate from their local perspective without making the effort to connect to the opposed context.

I'm not much of a "hat" at all, though I work in IT, self-employed, and part of my work is even security related. To me an open source of facts and opinions (like this list) is essential to my survival: we must know the world we're living in. I've never actually used a published exploit, nor have I ever corrected vulnerable code. But the exploits as they were published did however provide a solid understanding that "there's a tiger in the forest and this is what it looks like".

I have no actual wish for ALL exploits to be published. Indeed, nothing is more dangerous than the invincible. Once exploits are published, especially the larger organization tends to first ignore the fact. When forced into action by incidents and damage they simply plug the hole but mostly fail to make the structural changes that would be required to really deal with the issue. But even if they did, would that make a big difference? You can improve the safety of cars but you cannot prevent their owners from driving like idiots. So although they feed and leech, in the end nothing really changes. And they will make their money quite as effectively without the help of published exploits.

Buying exploit code exclusively? Unless with criminal intent I fail to see the effectiveness in this. Try to sell your private knowledge on one or two specific holes to the keeper of a sieve. At least there's a business opportunity for those that failed to sell viagra, free loans or hot-sluts.

I do not hold any hope that something as complex and intricate as a large computer network can be made flawless and 100% secure. That is mainly because of the focus on features instead of reliability and the nature of the humans using it. Open source software is usually not much better than commercial code in that respect. So there's the permanent feeding-ground for both the black and the white hat.

White hats and black hats... So funny that all extremes fail to realize that they exist only because of the counter-extreme they oppose. No better legitimacy for security experts than the existence of hackers and vice versa. None will disappear without the other going as well. A holy war between the despicable established imperialist mobsters and the criminal lowlife anarchist hackers! How quite effective history has proven holy wars and prohibition to be, especially so if started without the fundamental insight into the broader context. And calling one another names and underestimating the opponent makes such a nice start. Any conflict is the confrontation of the opposite faces of the same coin, as per definition. So my point: the conflict is simply permanent, feeds on lack of understanding and won't change a thing.

I find the recent attempts to outlaw open-source, the publication of exploits (here both factions strive towards the same!) or encryption, and to allow large-scale indiscriminate and uncontrolled tapping of communication much more disturbing and relevant than the false hopes that the publication or retainment of some exploits will make a dent. But maybe we all prefer the intimate but futile quarrel over the real threats of life.

Peter