Completely Off Topic
Carroll, Jim P [Contractor]
jcarro10 at sprintspectrum.com
Tue May 27 23:09:41 CEST 2003
I'm with you on this, Lonny.
I was on the firewalls mailing list for a number of years,
and if there's one thing I learned, it was that
"security through obscurity" is a Fundamentally Bad Thing.
I seem to recall echos of similar concerns when the
Open Source community encouraged sharing source code,
and a similarly weak defence (citing Microsoft's 'black box'
approach to "here's our software; trust us to have done
it right") with the belief that such an approach is
in the best interest of everyone.
Some would suggest that we learn from history. Let's not
return to our ostrich-head-in-the-sand approach. :)
jc
> -----Original Message-----
> From: Lonny Selinger [mailto:lonny at bangtherockstogether.net]
> Sent: Tuesday, May 27, 2003 2:14 PM
> To: VanZee, Timothy
> Cc: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Completely Off Topic
>
>
> Personally I think this is a great idea. The best way to
> learn and understand how
> vulnerabilities are created and work is to rip them apart.
> First of all, writing a
> worm or virus is extremely simple and they aren't going to be
> seeding a new
> generation of *cracker* types to write the next genius virus.
> Hopefully a large
> portion of any who attend are actually intelligent enough to
> gain a better
> understanding on how to take preventative measures against
> attacks ... if you know
> more about the weapon and ammunition you're better set up to
> prevent getting hit.
>
> If we leave this knowledge only with those of us who seek it
> out on our own to
> learn, and in the hands of the wannabee's who feel some sick
> obligation to an
> underground generation of people trying to make some kind of
> name for themselves, we
> set ourselves up to rely on others to provide security
> solutions for us rather then
> take an active role in prevention.
>
> Lets face it, if someone really wanted to obtain and alter a
> worm or trojan or any
> other *bad* code, its as easy as searching google or forums
> for existing *known bad*
> source code and taking it from there (or hitting IRC). I'd
> rather know more about
> the course before signing off on it completely (who's
> teaching it and why do they
> feel they are qualified to do so etc) but I like the premis
> ... controled
> environment to further knowledge and hopefully add some
> techie hacker (in the true
> sense of the word) types to the white hat side
>
> :)
>
> </2 cents>
>
> --
> L
> > <OT>
> >
> >
> >
> > The University of Calgary is offering a course in "Computer
> Viruses and
> > Malware". This would be a good course, however, in order to better
> > inform them and give them more knowledge they are teaching
> them how to
> > code worms and Trojans. This is only my initial reaction
> as I haven't
> > really thought about it yet, but WHAT THE HECK ARE THEY THINKING?
> >
> >
> >
> > Just thought we don't need anymore work in trying to fight
> off viruses
> > and malicious attacks, so I wrote a brief note to the staff of the
> > University of Calgary.
> >
> > President and Vice-Chancellor Dr. Harvey P. Weingarten
> > (presoff at ucalgary.ca)
> >
> > Faculty of Science Dan Seneker (seneker at ucalgary.ca)
> >
> > Dr. John Aycock (aycock at cpsc.ucalgary.ca)
> >
> >
> >
> > Reactions or comments welcome. We can take this outside of the
> > nagios-users forum.
> >
> > <\OT>
> >
> >
> >
> >
> >
> > Tim Van Zee
> >
> > ITS Network Specialist
> >
> > Governors State University
> >
> >
> >
> >
> >
> >
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ObjectStore.
> If flattening out C++ or Java code to make your application fit in a
> relational database is painful, don't do it! Check out ObjectStore.
> Now part of Progress Software. http://www.objectstore.net/sourceforge
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS
> when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list