Saturday, July 11, 2009, 9:55 AM Thoughts by John (Article #242)
The anti-sec movement is a group of people who believe that internet security firms should stop publishing exploits. Anti-sec believes that the primary motivation of the security industry in publishing exploits is so the exploits can be easily transferred from whitehats to blackhats without the security firms being blamed. Script kiddies copy the exploits, making the need for firewall, antivirus, anti-adware, etc. more prominent.
This one has been brewing in my mind, but I thought the anti-sec hacking of ImageHost made the issue worth talking about.
I'm a big fan of publishing every single exploit.
There is an old mantra in programming that you cannot achieve security by obfuscation. I am a devout believer. If you think about a building, which is bound to be more effective: camouflaging an unlocked door, or installing a stronger door and locking it?
I also think that people misunderstand the supply and demand component of hacking, especially at the script kiddie level. Script kiddies have a demand for exploits. A lot of script kiddie behavior is about showing off to their friends. In other words, reducing the supply of exploits is not going to meaningfully reduce the number of script kiddies.
As for hardcore hackers, unpublished exploits are their bread and butter! Leaving an exploit unpublished increases that exploit's value to some guy in Romania whose whole business is about staying under the radar. If he can come and go as he pleases through an unpatched system, you've provided a value-added proposal to his business. And since going unpublished means an exploit will be less patched worldwide, you've also granted him the chance to hit more machines.
The anti-sec movement -- if it really even exists as a meaningful movement, and isn't some sort of post-modern bullshit attempt by hackers to hack the public conscience -- is misguided. There is nothing to be gained by letting exploits go unpublished.
© 2010 Pro Content and Design. All rights reserved.