Re: [ISN] Oracle Chief Challenges Hackers

From: InfoSec News (isnat_private)
Date: Wed Nov 21 2001 - 02:25:30 PST


    Forwarded from: "Michael J. Reeves, AA, ASc" <mjreevesat_private>
    
    I find the comments made by J. D. Dyson interesting. I recognize he is
    one of the more knowledgeable and visible persons of this forum.
    However, I cannot totally agree with his views in this matter.
    
    Having studied the history of cryptanalysis, it is apparent that most
    cryptanalysis is supported by the government. Secondly, though the
    URL link is highly critical of contests, it does not offer many
    concrete facts to support the position of the writer.
    	
    For example, the contest mentioned, and the alleged fact that the
    algorithm was broken by various means. Nowhere is it indicated whether
    the TEXT was in fact RECOVERED???
    	
    Fact: IF you have NOT recovered the text, you have NOT broken the
    code.
    	
    Fact: Babbage was an academic who worked for the government. So are
    many other academics.
    	
    In the present instance, the game is to break into/through a security
    system on a computer network. For a lot of hackers who take this as a
    PERSONAL affront to their skills, they will increase their attacks on
    the system.
    	
    This will of course generate a great deal of information for the
    developer/publisher of the software in question. It should be obvious
    that the developer will use this information to enhance and fix
    security breaches in their program.
    	
    ALL FOR FREE!!! THANK YOU VERY MUCH FOR YOUR EGOTISTICAL
    COOPERATION!!! LOW SELF-ESTEEM is SO-OO manipulatable!!!
    	
    IF I was going to play the role of a "BLACK HAT HACKER" (IF!!!), I
    would keep my mouth shut, and WAIT until the software has been
    disseminated into the network system. I would attack the USER's
    system, and leave the developer alone. THIS is the strategy that HURTS
    the developer's credibility!!!
    
    IF the developer wants to test their system through a contest, let
    them put up some SERIOUS money. Consider they are attempting to hire
    for FREE the combined skills of numerous hackers of various abilities
    that may total hundreds of hacking experience years.
    	
    An appropriate amount of money would be several ANNUAL salaries that
    could be shared among those who successfully breach the system.
    Consider this a CONSULTING FEE for contributing to the further
    development of the security features!!!
    
    IMHO...
    
    MJR
    
    
    
    InfoSec News wrote:
     
    > Forwarded from: Jay D. Dyson <jdysonat_private>
    > 
    > -----BEGIN PGP SIGNED MESSAGE-----
    > 
    > On Thu, 15 Nov 2001, InfoSec News wrote:
    > <SNIP>
    > 
    >         If stupidity is dangerous, then Mr. Ellison's statement is
    > accurate.
    > 
    >         For clear and concise refutation on why the challenge is bogus, I
    > need only point to Bruce Schneier's December 1998 remarks on the matter:
    > 
    >         http://www.counterpane.com/crypto-gram-9812.html#contests
    > 
    >         Mr. Ellison would do well to read it and recognize his folly.
    > 
    >         And for the record, nothing, but *nothing* is perpetually secure.
    > Time is the greatest reducer of perceived absolutes.  And when (not if)
    > the time comes when Oracle is breached, I will personally laugh...
    > 
    >         ...and point.
    > 
    > - -Jay
    > <SNIP>
    
    -- 
    Michael J. Reeves, AA, ASc
    MJR Consulting Services
    4231 Watrous Avenue
    Sacramento, California 95842
    
    Voice: (916) 344-7834
    FAX: (916) 349-1849 By Appointment
    E-Mail: mjreevesat_private
    ---------------------------------------------------------
    REMEMBER: Artificial Intelligence beats real Stupidity!!!
    
    Failure, the FIRST step toward SUCCESS!!!
    
    I have no SPAM. I don't give a SPAM.
    I take no SPAM from anyone. I am NOT in the SPAM business!!!
    
    There are NO OBSTACLES, only CHALLENGES to CONQUER...
    
    NO PARADOXES, only ILLUSIONS...
    
    Rule #1: Murphy's Law: Shit Happens!!!
    Rule #2: YOU CAN'T CHANGE RULE #1!!!
    
    Murphy's Law of Statistics: You will never get the minimum sample size
    desired no matter how large a group you select from.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 16:04:54 PST