Re: Recent Attacks

From: Philip J. Koenig (pjklistat_private)
Date: Wed Feb 23 2000 - 01:53:42 PST


    On 20 Feb 00, at 16:47, Darren Reed boldly uttered: 
    
    > In some email I received from Marcus J. Ranum, sie wrote:
    > [...]
    > >          There's always going to be a grey area in which legitimate
    > > tools can be abused. This almost exactly aligns with the gun debate -
    > > a long and tedious debate that I suggest we avoid in this list - but
    > > similarly to the gun debate, society at large (legally and through
    > > social pressure) defines what are "appropriate" tools and their
    > > appropriate uses. It is not appropriate for me to own heavy
    > > antitank weaponry; it is appropriate for me to own properly licensed
    > > hunting and target weapons. It is not appropriate for me to use those
    > > irresponsibly; it is appropriate for me to use them legally and
    > > carefully at a supervised range. If, for a second I cross the line into
    > > irresponsible use or inappropriate action, by threatening, endangering,
    > > or even merely making someone uncomfortable, I have exited the
    > > grey area and entered into the wrong. This is a black and white
    > > issue, and police, judges, and juries, are quite capable of
    > > dealing with it. So it is with hackers.
    > 
    > So are you suggesting that perhaps it is time software such as ISS, etc,
    > to not only be made available with strict controls over which targets
    > they can be used against (article about this went to bugtraq some time
    > ago) but also be required for those buying the product/license keys
    > in order to undertake such work?  I think this is almost inevitable.
    > I can't see why professionals would object to this - every `respectable'
    > profession has some sort of official "badging" which is required before
    > you practice in it.
    
    
    That's all well and good in the old-time traditional, physical,
    geographical, political world of "meatspace", but I'm afraid 
    the model fails horribly in cyberspace.
    
    It seems to me that the likelihood of enforcing such a "global
    standard for information security practitioners" is almost nil.
    
    You could do that within a single political entity (ie the US,
    or maybe even North America) but the troublemakers and fringe-
    sitters would end up making their bases offshore. (like various
    other deprecated 'net entities seem to have already done)
    
    (See how far you get trying to enforce copyright laws in China
    and Russia for just one example)
    
    
    
    Phil
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:39 PDT