flynn23 wrote: Dagmar wrote: The title pretty much says it all. I'm only about halfway through it at the moment, but I don't want to be so full of giggles when I'm done that I forget to pass the URL along. Read it, email it to co-workers and family. Even meter-maids and politicians should be able to understand the messages carefully contained therein. It is Clue.
This is unfortunately like a lot of other idealistic rants in that while probably very correct, it is meaningless in a world that does not operate that way. It's like saying that government should be of and for the people and not corrupted. Yes, that's true. But it's impossible to remove corruption because that's just the way the world works. In the case of these ideas, you can't NOT operate in a Penetrate and Patch model because that's what EVERYONE ELSE IS DOING. Even if you were to base all of your internal systems in your control on removing code rather than patching, you don't live in a vacuum, so you'd still be enslaved to the Penetrate and Patch model. So while this is a great mental exercise, it offers little in the way of practicality for the modern CIO/CTO to do anything differently. I also disagree entirely with the Hacking is Cool idea. If it wasn't for the culture that lures and instigates, perpetuates and expands this ethos, most of the people on this site would not have jobs or useful skills. Hacking is what taught many of us about How Things Work. Reverse engineering is a much needed skill that is woefully underabundant. If anything, we should be encouraging more of this type of curiosity and exploration. You, unfortunately, cannot remove human nature from this equation, so you will continue to get people that choose to use knowledge for evil rather than good. I fail to see how it's any different from anything else in life.
Hacking needs to be uncool to the majority and go back to being cool only in the eyes of our little sub-culture. If you want an example, there was a time when perhaps you could have 20 hackers in a room, lay a document in front of them detailing something that would "break" significant portions of the internet in a fatal and non-recoverable way, and they would collectively shudder and start creeping away from it after having given it a good look-over for curiosity's sake. Now we have DefCon, where so many irresponsible twits show up that the idea of any such document being present there fills us with stark, gibbering fear and instead of hackers not wanting to touch said document, there would presently be a Grand Melee of literally hundreds of people fighting tooth and nail for the power to destroy the internet, amid cries of "FOR GREAT JUSTICE!" and "J00 \/\/1Ll pH34R mY 4w3Sum p0W4h!" (and you'll pardon me for not using the proper high-ansi characters). It's time to begin thinning the herds.