NFR Wizards Archive: Re: Extreme Hacking

Re: Extreme Hacking


Bennett Todd (betnewritz.mordor.net)
Fri, 9 Jul 1999 00:26:58 +0000


1999-07-05-20:26:55 Marcus J. Ranum:
> Hacking isn't a technological problem, it's a social problem.
> As such, it's not going to be "solved" by technological means,
> but rather by social means.

I dunno, much as I hate to step up and disagree with you of all people, I
can't quite sit still for that.

I believe "hacking" (in the sense it's being used here, as in burgling) is a
symptom of a technological problem. Substantial and sophisticated systems,
offering rich and diverse services, _can_ be designed and assembled with no
exploitable security problems; a certain amount of conservative caution is
needed, and in maintenance you have to keep an eye out for new discoveries,
but if more people designed systems with security as a primary requirement,
there'd be negligible activity among the computer burglars --- going around
twisting doorknobs gets boring if none of 'em ever turn.

The cool thing is that making security a driving requirement pushes you
towards simpler designs, based on stable and well-designed building blocks,
and these in turn tend to be reliable, and often very fast; there are rewards
all over for doing things right from the beginning.

Admittedly it can be nearly impossible to retrofit security onto a
sufficiently-screwed-up, sufficiently-large system --- but such a screwup is
where you can routinely demonstrate terrific benefits from a cold redesign and
reimplementation.

-Bennett



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:02 CDT