Bugtraq: Re: Various resources

[c617666 () everest cclabs missouri edu (Paul Walmsley)]

On Sat, 8 Oct 1994, Mark wrote:

> One example that comes to mind is someone who wanted to get rich quick in
> the cracking tools sense and he expected to just turn up and have it all
> given to him. It didnt happen of course as he was an unknown and had to
> basically do the social interaction to prove his character before he was
> to have any trust emplaced in him. But, as you might expect he didnt want
I'm not sure that I completely believe this model.  Some "trashers" have
all the scripts, and don't hesitate to use them.  Plus, it's becoming
progressively easier for unknowns to get their hands on high-powered
tools.  I don't think that this is necessarily a Bad Thing, or otherwise I
wouldn't support full disclosure.  The Bad Thing is that one has no idea
how "socially responsible" an unknown is. 

If your network is completely populated with users who wander around from
system to system doing Good Things, like fixing problems -- or just
generally being "socially responsible," then there really is no need for
security.  Very utopian, unfortunately.  rms used to have an unpassworded 
account on the GNU project machines; if memory served, he had to add a 
password due to the crap that "non-socially responsible" people would 
perpetrate under his ID.

The aware sysadmin ends up with the compromise of having to spend a 
considerable amount of time on security in the hopes that whoever is 
sophisticated enough to break in will also be sophisticated enough to be 
a hacker in the more traditional sense of the term.

(This discussion is kind of off-topic for Bugtraq - E-mail is probably 
best for continuing this one.  Maybe a comp.security.philosophy :) )

> Cheers,
> Mark
- Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu>
  "I am learning and evolving."