|
Bugtraq
mailing list archives
Re: Resistance is futile, or what I learned trying to secure the scanner
From: adam () HOMEPORT ORG (Adam Shostack)
Date: Tue, 12 Oct 1999 17:28:18 -0400
On Tue, Oct 12, 1999 at 11:17:29AM -0700, David LeBlanc wrote:
| I was in the middle of the effort to try and protect ISS' Scanner against
| the licensing being cracked, so I've got some unique insight. It took the
| crackers about 3 months to crack the 4.0 release of the NT scanner (I was
| honored that they'd rather crack the NT version I built instead of the UNIX
| version, but...).
Hey, we went through this too, ya know! :)
David and his group went to a lot more effort than we did. I
advocated against doing this work, even though it would have been a
lot of fun, and even though I was really interested in it as a
fascinating problem, it relates very closely to the copy-protection
problem, which is unsolved. I don't think you can build a system in
software only which a sufficiently dedicated attacker can't crack.
This is the position that I advocated when we were building
Hackersheild, and thats the position that prevailed: That its not
worth spending a lot of time and energy on, because you will lose if
your attacker has control of the system on which you run.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
 By Date 
By Thread
Current thread:
|
Intro
