NFR Wizards Archive: Re: Extreme Hacking

Re: Extreme Hacking


Bennett Todd (betnewritz.mordor.net)
Tue, 13 Jul 1999 02:09:05 +0000


1999-07-09-03:38:02 Brad J Passwaters:
> On Wed, 7 Jul 1999, Darren Reed wrote:
> > Knowing how to break into a system does not provide knowledge in making it
> > secure.
> Knowing that running program A will get you a root shell does not help you
> secure your system.

There's an interesting and important difference between those two statements.

While knowing how to break into a system doesn't tell you how to secure it,
having a test program that can demonstrate a bug is really valuable for
convincing yourself that you've actually fixed it. And being able to
demonstrate how easy a bug is to exploit is often _very_ valuable in
convincing people to commit the resources (possibly in loss of access to
systems, or loss of the convenience of some poorly-designed utility, or
whatever) to address the problem.

-Bennett


