
Thread: Presidential adviser encourages computer hackers to break software

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123

    Presidential adviser encourages computer hackers to break software

    Taken directly from MSNBC.COM.

    LAS VEGAS, July 31 — An adviser to President Bush encouraged top computer security professionals and hackers Wednesday to try to break computer programs, offering to support and protect good-faith researchers from the legal wrath of software makers.


    RICHARD CLARKE, Bush’s computer security adviser, told hackers at the Black Hat conference that most security holes in software are not found by the software makers but by independent users.
    “Some of us, here in this room, have an obligation to find the vulnerabilities,” Clarke said.
    Government-funded computer research facilities have identified thousands of vulnerabilities in computer software over the past year, including those in Microsoft operating systems and programs by companies such as Oracle, Sun and America Online. Such vulnerabilities can allow criminals to break into or disrupt home or business computers. (MSNBC is a Microsoft - NBC joint venture.)
    Clarke cautioned that hackers should be responsible in reporting programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker does not respond soon.
    Hackers commonly share their findings with others in their community through e-mail lists or Web sites. But how much they should disclose is a running debate among computer security professionals. Some argue that full disclosure is best; others say a hacker should only warn that a problem exists without showing how to take advantage of it.
    Clarke said hackers should not help criminals by showing how to exploit a programming bug before the software maker has a chance to fix the problem by issuing a patch, or fix.
    “It’s irresponsible and sometimes extremely damaging to release information before the patch is out,” Clarke said.

    Companies differ in their response to independent researchers. While some encourage or even reward bug-hunters, others are more concerned about the possibility of extortion or embarrassment to the company. In some instances, they seek civil or criminal charges against the hacker.
    Clarke said that situation is “very disappointing,” as long as the hacker acts in good faith.
    “If there are legal protections they don’t have that they need, we need to look at that,” he said.
    Black Hat, sponsored by PricewaterhouseCoopers, Microsoft and other companies, consists of two days of presentations showing how to both break into and protect computer networks.
    Other government employees were scheduled to speak, including a National Security Agency official. The Justice Department promised to update how new anti-terrorism laws affect computer security investigations.
    Clarke offered a more detailed preview of the nation’s plan to protect cyberspace, which his office is coordinating with the help of industry and computer experts. That plan, which Clarke called a “living document,” will be released in September.


    Clarke warned about vulnerabilities in cheap and simple wireless networks, which are becoming popular in businesses and homes. Most wireless networking products are extremely easy to break into — even from a person in a car driving by several hundred yards away. They are sold with almost no security options enabled.
    Clarke said it is a failure of technology makers to sell the networks without sufficient protection and a failure of government to let it happen.
    “Until we have a better, proven track record with the wireless (networks), we all should shut them off until the technology gets better,” Clarke said.
    The conference organizers did not take Clarke’s advice, however. The Las Vegas hotel had a wireless network for the benefit of attendees, but its poor security prompted the hotel to make the network free so that laptop-armed hackers at the conference would not be tempted to seek out credit card numbers passed over the airwaves.
    The Defense Department said this week it is finalizing new restrictions on the use of wireless devices.
    Clarke urged software companies to develop products with security in mind. He said he was outraged that telephone and cable companies provide high-speed Internet access to home users but do not also provide easy-to-use security software.
    “Millions of households are getting connected and therefore getting vulnerable” to online crime, Clarke said. “It’s a bit like selling a car today without a seat belt.”

    *sigh*

  2. #2
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    cautioned that hackers should be responsible in reporting programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker does not respond soon.
    Hackers commonly share their findings with others in their community through e-mail lists or Web sites. But how much they should disclose is a running debate among computer security professionals. Some argue that full disclosure is best; others say a hacker should only warn that a problem exists without showing how to take advantage of it.
    Clarke said hackers should not help criminals by showing how to exploit a programming bug before the software maker has a chance to fix the problem by issuing a patch, or fix.
    I wonder if, without full disclosure, Microsoft would ever patch any security holes. At least some working exploit code forces software makers to haul ass to get it fixed. Otherwise you can have a few people who have figured things out on their own running around hacking computers while software makers take their sweet time fixing things because the public doesn't have a working example.

  3. #3
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    No mention about how the DMCA is being used to stifle what he encourages? Perhaps some overriding legislation to give protection from that?
    [HvC]Terr: L33T Technical Proficiency

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    30
    SHUT UP FAGGETS
