DCS: Answers to barred posts...
Answer to "You've been fed a falacy(sic)":

This from the man whose counter-argument was a classical fallacy? I digress with much wringing of metaphoric hands...

Cracking and phreaking have been around for a very long time, basically for as long as a dial-up connection and war-dialing - 1972 or so. In the '70s there were a number of low-profile compromises of MVS systems. There are none now. Why? IBM secured the compromised areas by hiring the infiltrators after said infiltrators had served their prison terms. The systems were rendered too secure on that advice for easy infiltration and the crackers migrated to softer targets. Crackers are lazy souls, by and large. A simple ROI equation tells them 20 soft targets are worth one hardened target.

A similar proof exists for AT&T UNIX prior to SYS-III. AT&T used the convicted cracker base to secure the OS they sold. Other licensees did not, fearing a consumer backlash with the end result of more pernicious flaws with longer time to realization and higher internal expense to secure the system.

A similar answer exists in-re the phone system. How much phone phreaking is done right now with a blue box or red box (in the US)? Answer: none. That system has been secured against those technologies. There wasn't a rise in phone phreaking until the introduction of new technologies and the failure of service providers to glean knowledge from those who broke the system.

Failure to use the best source of intelligence, because of people whose ideal is "Punish the criminal in jail and then punish them after they've repaid their debt to society as a deterrent to others. Ruin the criminal for life to discourage others", has led companies either to be discreet about consulting the reformed criminal or to completely ignore the intelligence they could gain by doing so. This seems to be very much your opinion, which leads us to your next post.

Answer to: "Show me were(sic) it SOLVED anything"

Refer to the two earlier examples. MVS was secured and the crackers moved on to easier targets. UNIX SYS-III was secured using former criminal consultation and again the criminal crackers moved on to softer targets. Windows is that softer target and crackers know it - and the two in the article have told you that Windows is the softer target. They don't choose Windows because of ubiquity. They choose Windows because it is so flawed they can attack it easily!

Now, that said, I agree that crackers are rat reamers who should go to prison. I do not agree that we should not learn from them or that their knowledge is somehow tainted and we should therefore not benefit from it. Better to learn from our mistakes no matter who teaches the lesson.

Your moral code, however, seems to include the moral code I cited earlier - you want to punish forever? You want stronger sentences as a deterrent. Consider though that the sentences now are three times harsher than they were in 1972. In 1972 a cracker wasn't even pursued unless he stole money and this lack of punishment persisted until 1987, then new laws were passed which not only doubled the sentence if money was stolen, but set a minimum two year term if no money was stolen. In 1997 the guideline was raised to 8 years. In 2001 via the Patriot Act and the provisions for electronic identity theft the minimum term became 20 years - more than a multiple rapist could receive. More than a first time murderer could receive. On par with what a drug dealer would receive. And this was without any money stolen!

Has there been a reduction in cracking of soft target systems? No. Your view is slanted, perhaps because you favour a soft target system I suspect? If you favoured a hardened target OS or platform, your perspective would be different. Anecdotally, I've worked at a number of government agencies in the last twenty years. In that time I've seen at least 30 massive and successful attempts to infiltrate, compromise, infect or worm soft targets (Windows desktops) from an external source. In that same time, I've seen UNIX and GNU/Linux attacks succeed only once by utilizing an unsecured web server as a proxy relay. In that same time I've seen zero MVS attacks succeed. I've seen numerous attempts via password guessing and trip routing: none succeeded.

So, the answer is obvious to me. Where proper intelligence gathering was used, and a "know your enemy" approach was employed, systems became hardened beyond the skills of the duffer cracker and for the serious cracker a bad ROI. That resulted in more secure systems.

You have one chance to punish and that's in prison, but after that failure to exploit them for knowledge is detrimental to increasing security. Not to mention it breeds an underground of the disenfranchised, who will likely try again. You want them on your side.

Aside - For my own thought, Mitnick should have gotten more time. I'm not a member of the Free Mitnick brigade and never was. However, I see nothing wrong with him consulting for security now and Congress seems to agree with me. Mitnick has paid his debt. His punishment is over. You are of course permitted to have your own emotionally driven opinion and even to expound it. What you are not permitted to do under argument, however, is use the fallacy of "consider the source" to fallaciously discount the statements of someone merely because they were previously convicted of a felony. Such arguments are false and unproductive.

I now return you to your regularly scheduled life with an admonition to read Carl Sagan's "Baloney Detection Kit" in which fallacious argument is described. You would really profit from such a reading, I think.
Posted by: John Le'Brecage   Posted on: 10/28/03
