Firewall Wizards mailing list archives

Re: Extreme Hacking

From: Bennett Todd <bet () newritz mordor net>
Date: Tue, 13 Jul 1999 02:09:05 +0000

1999-07-09-03:38:02 Brad J Passwaters:

On Wed, 7 Jul 1999, Darren Reed wrote:

Knowing how to break into a system does not provide knowledge in making it
secure.

Knowing that running program A will get you a root shell does not help you
secure your system.


There's an interesting and important difference between those two statements.

While knowing how to break into a system doesn't tell you how to secure it,
having a test program that can demonstrate a bug is really valuable for
convincing yourself that you've actually fixed it. And being able to
demonstrate how easy a bug is to exploit is often _very_ valuable in
convincing people to commit the resources (possibly in loss of access to
systems, or loss of the convenience of some poorly-designed utility, or
whatever) to address the problem.

-Bennett

Current thread:

Re: Extreme Hacking, (continued)
- - Re: Extreme Hacking Jody C. Patilla (Jul 07)
- Re: Extreme Hacking ark (Jul 06)
- Re: Extreme Hacking Ryan Russell (Jul 06)
  - Re: Extreme Hacking Rafi Sadowsky (Jul 09)
    - Re: Extreme Hacking Darren Reed (Jul 12)
- RE: Extreme Hacking sean . kelly (Jul 06)
  - Re: Extreme Hacking Darren Reed (Jul 08)
    - Re: Extreme Hacking Brad J Passwaters (Jul 12)
    - Re: Extreme Hacking Darren Reed (Jul 12)
    - Re: Extreme Hacking Brad J Passwaters (Jul 12)
    - Re: Extreme Hacking Bennett Todd (Jul 13)
    - Re: Extreme Hacking Tommy Ward (Jul 12)
    - Re: Extreme Hacking dreamwvr (Jul 12)
  - Re: Extreme Hacking James Burns (Jul 12)
  - RE: Extreme Hacking George Jones (Jul 12)
  - Message not available
    - RE: Extreme Hacking Jody C. Patilla (Jul 12)
- RE: Extreme Hacking Frank W. Keeney (Jul 07)
  - RE: Extreme Hacking char sample (Jul 12)
    - RE: Extreme Hacking mht (Jul 12)
- Re: Extreme Hacking Matt McClung (Jul 07)
- RE: Extreme Hacking LeGrow, Matt (Jul 09)

(Thread continues...)