Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 36

Thread: Self preservation

  1. #11
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi MsM,

    I understand your philosophy...however...I do not think that applying privacy to these issues would compromise education in the least...and I do not believe that not providing public access to this type of information would in any way prevent people from obtaining the information through other means...

    it's a question of personal responsibility...can I stop a kid from hacking hotmail or a kid from blowing up his locker at school? NO.
    But I can prevent him from obtaining those tools to do so from ME...I do not have to contribute to his deliquency...or the deliquency of others by accepting a policy that all information regardless of it's potential for harm should be exposed to all-comers.

    The education can still be made available...and the conference rooms provide the best vehicle...while maintaining a semblance of social concern.

    In my opinion it's a question of social responsibility.

    Eg

  2. #12
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    They wouldnt MsM..but if someone's willing to go to the extent of putting in a lot of time and effort into getting to know people and digging around,they've probably got a good shot at unearthing the information from elsewhere as well.It just might serve as a method to discourage the occasional(or not)script kiddie that comes along...point..if someone's willing to devote time and effort into this,they'll find out in one way or the other,what we can try to do though is make the littlest bit more sure that we arent handing them over to loose cannons so to speak..
    At least,I think it's supposed to work like that?
    On the whole,I'm not advocating security by obscurity in any way..we can all see where it's gotten Billy Gates and his band of not-so-merry men.I'm saying we give them a little nudge now and then.(I remember being a right ass when I first got here..I'm not so much of one now,old habits die hard though:P)..instead of just handing them the whole platter though..why not just give them hints?(toss them a bite if you will lol)

    Cheers

  3. #13
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by MsMittens
    And how would anyone know that those in the private discussion are in fact as ethical as they claim?
    Because my halo is clearly visible


    O
    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #14
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    <--- and yer wings?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #15
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well,

    I am a great believer in ass covering

    "Educational purposes only" disclaimers are pretty lame these days.I am not too sure how they would stand up against a well lawyered-up "victim", particularly a large corporation. Not too well I would imagine?.............and I certainly don't have the time or funds to find out

    Obviouly a lot would depend on your local laws in that situation.

    My thoughts would be to:

    1. Demonstrate that the information is in the public domain.
    2. Publish the countermeasures recommended.

    At least then you can play your "I am being victimised" and "You are incompetent" cards, neither of which are liked by large corporates?



  6. #16
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Agreed nihil,but wouldnt there be a possibility that you've just supplied someone with a gun and a bullet proof vest?

  7. #17
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Agreed nihil,but wouldnt there be a possibility that you've just supplied someone with a gun and a bullet proof vest?
    Sure, but I would rather face a court with that, than with having just provided the gun.

    My defence being that they could find the attack information elsewhere, and I have provided the defence. That would seem a reasonably balanced approach for a security site?

    And it is my best offering to the thread title of "self-preservation" not only for the original poster, but also for the site's reputation?

  8. #18
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Lol,well said..though I'm inclined to think one of your 'well-lawyered victims' might still say that you've helped the attacker's cause,though the argument does become weaker
    I wonder if the OP's banging his head on the wall yet,half of all this hasn't been directly related to his post

  9. #19
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi ech0,

    See...it's not just a question of whether or not people will assist your ' war games '...there's more involved than that.
    It's a question of doing the right thing and how to go about it in everyone's best interest...
    so...
    even if we believe you have no ulterior or malicious intent...it's becomes a question of how do we provide you with this information without compromising someone else's security or the reputation of this site as being a responsible security site rather than just a hacker forum.

    nihil's suggestion of providing the answer/response would help in open forums...provided the ' victim ' ever reads that post, is a member of this site, or even knows that the solution can be found here...more than likely though the ' victim ' will be a noob and will not be able to defend himself or rectify it on his own and will not have access to the solution.

    nihil's suggestion is hands-over-fist better than MsM's suggestion of just post it and let the chips fall where they may...but...

    It seems to me...still...the conference rooms would provide the safest security if someone were to want to assist you.

    Eg

  10. #20
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    i am all for education, MsM. but i don't trust peoples motives!

    there seem to be a lot of experienced and ethical professionals on the forums i lurk on. but there also seem to be many geeks with too much time on their hands who may or may not have a criminal mind or intentions -- but they definatly do not seem to possess the capacity to think ahead and consider potentical consequences to their actions.

    they are either too lazy or lack the resourcers to setup a test lab to play around with and would much rather launch little experinents in a live product environment. any successful experiment might probably cause some sort of network service or system disruption and the local support will have to take time out of their busy schedule to deal with it and fix it.

    RY

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •