
Thread: Does posting vulnerabilities really help?

  1. #1

    Does posting vulnerabilities really help?

    Ok, what's your opinion about posting vulnerabilities? Do they help you patch your system, or help hackers (crackers) break into them? I don't think it's wrong, but isn't hacking (cracking) all based on finding loopholes and vulnerabilities? Well, it's good to know information, but should it be made available to everyone? I totally believe in free, and sharing, so I will say that it does both: it helps the hacker (cracker), and it also helps stop them.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    689


    This is a good question. I wonder sometimes whether when these security researchers find new loopholes, if they are actually the first person to find it, and have just advertised to everyone that "This is how you get around a software firewall." Their theory is that if they found the loophole, someone else would have found it too. Knowledge is power. If the people who post vulnerabilities didn't tell you about them, you would probably find out when someone uses them on you.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Speaking from personal experience, I think it is a good idea to post information on possible loopholes. If you are in a work environment, I think it is a good idea if your Sysadmin guy is aware of any current threats (having worked in that role I appreciate the warnings).

  4. #4
    Banned
    Join Date
    Sep 2001
    Posts
    2,810
    I agree admins need to keep up-to-date on these matters or the h/cr/acker will be one step ahead at all times.
    A good admin is one who keeps up with the h/cr/acker.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    185

    Re: posting exploits to aid security

    Great question. I would have to respond to that by saying that the attackers already have the information and are sharing it within their circles. I believe that security in general would be under much greater risk without the free and open discussion of security issues on the horizon, including the methods the exploits could be used to compromise a system. Not doing this borders on the concept of information police; normal law-abiding citizens would be clueless, yet the attackers would still have and share their information underground.

    In addition I think it has caused software developers to take more proactive steps in dealing with issues in their code. In free open exchange about exploits they really don't have much choice because everyone concerned knows what the problem is and if they fixed it. So, I think it not only aids in improving security as a whole, but also improves the software that we all use.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  6. #6


    Originally posted by Ennis
    I agree admins need to keep up-to-date on these matters or the h/cr/acker will be one step ahead at all times.
    A good admin is one who keeps up with the h/cr/acker.

    Admins are fighting a losing battle. Think about it. Most vulnerabilities are posted by crackers in the first place.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323


    Originally posted by Conf1rm3d_K1ll



    Admins are fighting a losing battle. Think about it. Most vulnerabilities are posted by crackers in the first place.
    So how do admins fight back to start winning the battle? If posting of vulnerabilities doesn't help even the playing field, what will?

    I realize that education about the existence of h/cr/ackers is part of the equation as is learning your OS inside out and locking it down but what else? Locking it down doesn't always solve it.

    MS has said it will no longer publish vulnerabilities as it's giving the h/cr/ackers an edge. I dunno. After reading Cuckoo's Egg, I wonder who the edge would be given to and who it would be taken away from if we revert back to a computer state as it was when security was as Stoll describes.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8


    Originally posted by MsMittens


    So how do admins fight back to start winning the battle?



    Good question. Unfortunately I'm at a loss for an answer.

  9. #9
    My feelings on the matter is that I'd hope that we are all working towards the same goal, and that's to excel the knowledge of ourselves further than before. I think that there are some people who take knowledge and expose it for the wrong reasons, but these people are always going to exist. However, usually the people who make this knowledge available have good reasons behind it.

    I like to think that we can grow smarter together rather than alone. Isn't the saying 2 brains are better than 1?

    Nice q, been a while since I have found the need to say something about a post here.
    01010111 01101001 01110010 01100101 01100100

  10. #10
    I think that system admins just need to patch their comps as soon as it is made available.
