[clue-talk] hrmmm

Matt Poletiek chill550 at gmail.com
Thu Jul 26 11:10:56 MDT 2007


You guys might be interested in this.

https://www.hackdmz.net/articles/read.php?article_id=4

On 7/26/07, Matt Poletiek <chill550 at gmail.com> wrote:
> Agreed. However, that mentality has created the security industry.
>
> It's a lot easier to sign an agreement than to audit your own code
> (Microsoft & Symantec).
>
> It is also a lot easier to buy a product or solution that makes you
> "feel" better than it is to hire a security professional to audit your
> IT systems.
>
> Since the dawn of capitalism people no longer care about the
> technicalities of a solution to a problem. They see a problem and they
> throw money at it.
>
> This lack of motivation to fix one's own product has created the
> security firms who will do it for you.
>
> This goes beyond the average computer user though. With all the
> corporate scandals as of late, 911, and the war on terrorism with the
> threat of "cyber terrorism", corporate America is scared shitless.
>
> Not to say I believe in cyber terrorism or any of that bullshit.
>
> I do believe in the evolution of code and the evolution of code tells
> me there will always be room for logic that refutes a developer's
> product. Code to break code.
>
> Therefore the mentality it takes to look at a finished product and be
> able to make it do something it wasn't supposed to will be around
> forever.
>
> Human nature.
>
> Instead of outlawing it, calling it a sin, and punishing the curious,
> we need to harbor it and make it work for us.
>
> >Wouldn't you be afraid with words like "viruses" and "trojans" used
> >to describe what are actually "complete self-operating programs doing
> >bad things on your computer, like removing files or capturing your
> >keystrokes, that the designers of your chosen OS and user software
> >weren't careful enough or thorough enough to protect you from"?
>
> Those who really care about the solution will learn how it works.
> Those who just want to throw money at the problem will be sold by
> Microsoft and the Security industry. People think that by adding
> layers of protection to their code they are making it more secure,
> when in reality they are adding more layers of logic that could be
> broken while not ever hardening the lower layers.
>
> It's human nature to not care as long as it works. It has been this way
> with automobiles and mechanics since their day.
>
> Again, human nature. Those who care, will seek the answer. Those who
> don't, are possible victims.
>
> Having insecure machines isn't necessarily a bad thing. It teaches us
> a lesson and without them there would be no security industry. There
> would be no computer industry as we know it today.
>
> What most people don't understand is 90% of the exploited code out
> there is for nothing more than marketing purposes.
>
> When I say the Security Industry is slowly growing legit, I mean there
> are people within corporate America with massive networks to protect.
> They are throwing money at their solutions and are still getting
> compromised. Then they run around like chickens with their heads cut
> off screaming cyber terrorism and all, finally realizing they should
> hire a security professional. Didn't the city of Denver just recently
> obtain a CSO? After how long?
>
> The next problem is the relationship between the hired security
> professional and the users is trust. That is one can of worms I hope I
> never have to deal with.
>
> Sorry, this is kinda a ramble.
>
> On 7/26/07, Nate Duehr <nate at natetech.com> wrote:
> >
> > On Jul 26, 2007, at 2:13 AM, Matt Poletiek wrote:
> >
> > > Computer Security is slowly becoming a legit industry. I blame the
> > > fear amongst the masses currently, but hey. Whatever one will do for
> > > money is their own choice.
> >
> > Wouldn't you be afraid with words like "viruses" and "trojans" used
> > to describe what are actually "complete self-operating programs doing
> > bad things on your computer, like removing files or capturing your
> > keystrokes, that the designers of your chosen OS and user software
> > weren't careful enough or thorough enough to protect you from"?
> >
> > I know that's a mouthful, but most people (who barely understand how
> > to drive their mice) would be a lot more pissed off at the root-cause
> > instead of the "hackers" if we techies stop using pithy catch phrases
> > to describe things and tell them like they really are.
> >
> > Would you buy a computer if your friends had ALL heard this line from
> > their techies that Microsoft did not bother to write something well
> > enough to keep bad people from getting a simple website to do
> > severely malicious things to them, and that their continuing problems
> > mean that they have to re-release new patches to fend off all their
> > bugs they created every month or so?
> >
> > Seriously -- the computer industry overall is a bunch of flim-flam
> > artists, even the places I've worked for... everyone believes that
> > it's okay to release software with known bugs (discounting that for
> > every known bug there's usually X more...) and state-of-the-art still
> > means that everything makes it through the day without major security
> > holes eating you alive.  Home computer users don't have Corporate IT
> > departments to protect and supposedly train them (seen any computer
> > training classes for anyone where you work lately) and their machines
> > end up cesspools of spyware, malware, and whatever else the press
> > likes to call it.  "Virus" sounds so much sexier than "software any
> > 14 year old could write that will attack your files on your machine
> > because the professional adults at your Operating System company
> > can't get their **** together."
> >
> > Macs are slightly better than PC's in the security regard, but
> > honestly for more than 30 years of doing "computers" in the world,
> > the standards, nay... "building codes" aren't there yet.  I can
> > imagine that if the last 30 years of houses built had as many holes,
> > leaks, and problems as OS's and application software do -- most
> > builders would be bankrupt, and the homeowners would have demanded
> > inspectors by now.  Do you see that coming in software?  I don't.
> > Especially not in OS's.
> >
> > We're too busy changing the OS's to audit them.
> >
> > --
> > Nate Duehr
> > nate at natetech.com
> >
> >
> >
> > _______________________________________________
> > clue-talk mailing list
> > clue-talk at cluedenver.org
> > http://www.cluedenver.org/mailman/listinfo/clue-talk
> >
>
>
> --
> Matthew Poletiek
> www.chill-fu.net
>


-- 
Matthew Poletiek
www.chill-fu.net


