[clue-talk] hrmmm

Nate Duehr nate at natetech.com
Mon Jul 30 00:14:01 MDT 2007


On Jul 26, 2007, at 11:07 AM, Matt Poletiek wrote:

> Instead of outlawing it, calling it a sin, and punishing the curious.
> We need to harbor it and make it work for us.

I agreed with you right up until that point.  Then you lost me.

I suppose we shouldn't outlaw burglars, and not punish the curious  
who would like to find out what it's like to break into a house, and  
harbor them and make them work for us too?

LOL!  Whatever.

People breaking and entering on a computer are no better than people  
breaking and entering into a home or business.  Throw 'em in jail.   
If they were only "curious" they could break into their OWN computers  
loaded with whatever they want to load... all day long, with no harm  
or potential harm done to others.

> Those who really care about the solution will learn how it works.

Those who really care about the solution need lots of time and money  
to figure it out, thus sell out and become "the security industry".   
Now their motivation is suddenly different.  A good example would be  
SANS.  Started out as a mostly research site, good book or two from  
papers their students wrote (not a bad way to get money out of work  
you never did yourself, there Northcutt) and nowadays, in bed with  
all sorts of government agencies, putting on all sorts of "security  
certification" courses, and "intro" courses for lots of completely  
clueless people... and charging $3500 a head for it.

Nice work if you can get it.

Do you really think SANS wants to fix the problems permanently now  
that they're making a wicked living off of them?

Patches are forever, really fixing the software puts you out of a  
job.  Look at the work of even the best software developers... the  
smartest folks on the planet still can't release anywhere close to  
bug-free code after 30 years of commercial computer software  
writing.  Pitiful, or just smart enough not to work so hard they make  
something great -- you decide.

> When I say the Security Industry is slowly growing legit. I mean there
> are people within corporate America with massive networks to protect.
> They are throwing money at their solutions and are still getting
> compromised. Then they run around like chickens with their heads cut
> off screaming cyber terrorism and all, finally realizing they should
> hire a security professional. Didn't the city of Denver just recently
> obtain a CSO? After how long?

Don't know what CSO is, but ... I also haven't seen anyone in Denver  
government make so much as a peep about "cyberterrorism", and I doubt  
they were not trying to secure things?

They're just using horribly insecure products at the core level.

The operating system(s) themselves (all of them) continue to be  
riddled with holes like Swiss cheese...  and if the OS folks can't  
ever "get it together" there's never any long-term hope for the  
applications riding on the OS's...

--
Nate Duehr
nate at natetech.com





