Re: [ISN] Who Are These Jerks, Anyway?- Not true hackers !!!!!

From: mea culpa (jerichoDIMENSIONAL.COM)
Date: Thu Feb 17 2000 - 02:33:30 CST


[Moderator's note: I appreciate all the great replies on this thread.
 Unfortunately this isn't set up to be a true discussion list so I
 was not able to forward all the comments on (close to 20). This
 will likely be the last post in the thread.]

From: "tron" <wfareworldonline.co.za>

I would like to add my 2 cents - and jump right in, with some comments on
"Whites, Johnathan and others" email. Note these are my opinions.

"The problem still seems to me to centre around this idea of full
disclosure, as soon as possible, as simply as possible." and "Well, if we
don't tell people, they won't know. We need to get these exploits out. It
is better everybody knows than only one or two people in the world. Then
something will be done" type arguments.

I am a technical person - I have an MCSE, for what it is worth, have several
years on NT, have been System Administrator for various systems and users
- My main problem was that I could never keep up with the latest
development - Software patches were always behind, by at least two
steps; it is like trying to close the stable door after the horse was gone
- The other problem was senior management with "Don't touch the system, it's
working" or "Why do we need to upgrade / patch this or that?" and the most
famous of all, "Do you know what this is going to cost - in manpower and
down time to check the system?" Never mind the potential losses and costs
to the company which would occur if the system was downed for whatever reason.

In my case the only way I could keep within reasonable distance of the
ever changing goal posts was by reading and collecting as much information
as possible - Mostly from the sites not mentioned and mentioned. I am not
a software person (no comments from the peanut gallery) - thus I rely on
others to do what is necessary to create the necessary fixes.

What I could do is apply the hacker's tools, see where my 'system' has
shortcomings, try and prevent it from happening and look for fixes from
those with similar problems.

In my humble opinion (and the hate mail will flow in again) a large
percentage is due to sloppy coding - two reasons for this: 1) is that
developers are pushed for time and do not have sufficient time to test all
aspects nor the resources to test it to the nth degree. 2) is the physical
size of projects with numerous people (not all 100% able to do the task
in hand) working to complete it. It is totally impossible not to create
something that big which cannot be compromised.

The other reason for this is hardware related: not all OEM and others are
100% compatible with each other - Most times we are just happy if (the
hardware) seems to work and then we use a software hack to get it to do
what it should have done originally.

But to get back on the topic - Yes, there will be those that use the
knowledge put out for "evil" purposes, but in a similar vein there are those
such as myself who need this knowledge to prevent this from happening to us.
And the only place to get the most up-to-date information was not from the
Software House or manufacturer but from the internet.

"security is a serious business" The changing internet has brought forth an
aspect where many "users - I use the term lightly" can "test" a product
to the nth degree and discover all its weaknesses. My concern is that, like an
iceberg, only a small portion of all problems and shortcomings are really
reported - I remember when NT 3.5 was a beta product and we were using it
and sending in regular reports regarding problems - apart from the
occasional acknowledgement nothing was really done to improve it then -
Nowadays NT4 with service pack 6 is the only product rated true C2
ready now, by the Defence Department - (How many years later after NT 4
was first placed in operation as the OS of choice?)

Hackers (I think that there should be another term / name for them - How
about "Netwarriors") are part and parcel of the internet - Just like in
the good old days of the good witches and the bad witches and "White Magic
to Black Magic". They are there to stay and we will have to make the best
of them - My question is, will White or Black magic prevail?

Quote or misquote: "Monkey see, Monkey do"

Anton Coetzee.

e-mail : ads1mailcity.com

ISN is sponsored by Security-Focus.COM