Telecom and Logistics Associates 

new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  publication: Christian ALT 
  Save Time and Money

TLAnews: Security NEWs Service 

 27.7.2000 SecurityDisclosing software vulnerabilities attacked
Marcus Ranum, from Network Flight Recorder Inc., a company making intruison detection software, used hard language to say that security can't be improved unless "gray hat" hackers stop disclosing security holes to the public and stop creating tools for so-called "script kiddies" to exploit the holes.

French:  La diffusion des trous de sécurité attaquée
Marcus Ranum  de Network Flight Recorder Inc., une entreprise développant des logiciels de détection d'intrusion, a utilisé des mots durs pour dire que la sécurité ne peut pas être améliorée, à moins que les pirates "gray hat" arrêtent de diffuser au public les trous de sécurité et qu'ils arrêtent de concevoir des outils pour exploiter ces trous, utilisés par les "script kiddies".

Home
Consulting
Tech Doc
FW-1 FAQ
Training
Products
TLAnews
Archive
Advertising
 

TLAnews.com
Information for security concerned people

 
Register to TLAnews letter
 

 

 

 

 

 

 
English version
From a speach heard at Black Hat Security conference, "Well-meaning hackers are creating an army of "script kiddies" by making security holes public".

In his speach he called creators of hacking tools "weapons dealers" who aren't really concerned with security.and he added "Distributing these tools is not helping".

With those tools it is easy to take part to the chaos on the Internet.

Are we really creating hordes and hordes of script kiddies raising the level of attacks. Marcus Ranum seems to think so  and sees a social problem, and proposes to go hard and fast on these people. To some degree, hacking has become socially acceptable.

A lot of the vulnerabilities that are being disclosed are researched for the sole purpose of disclosing them, And  large portion of security experts go home and write tools at night for script kiddies.

Ranum thinks that society's tolerance of hackers will lessen once hacking is regarded as "non-ideological terrorism," more and more users get hit by attack there will be less and less patience with break-ins.

Silence would be the best strategy?
Résumé en français

Lors d'une session de la conference Black Hat un aurateur a dit "Les bons hackers créent une armée de "script kiddies" en rendant public les trous de sécurité.

Les créateurs de ces outils se sont fait appeler "marchands d'armes", qui ne sont pas vraiment inquiets de la sécurité. 

La distribution de ces outils n'aide pas vraiment mais serait au contraire responsable du chaos rencontré sur Internet.

Plusieurs exemples ont été donnés qui justifient cette prise de position. Notamment le fait que la majorité des attaques se réalisent avec ensemble restreint de ces outils.

La solution semble être plus sociale que technique. Socialement il est devenu acceptable de faire du "hacking". 

Même parmis les administrateurs systèmes il est très courant de télécharger ces outils et de faire quelques "petits essais".

Ranum pense que la tolerance de la société vis à vis des pirates va diminuer. de plus enplus d'utilisaterus subissent ces agressions et deviennent moins patients.

Le silence serait la meilleure stratégie ?

 

Related information:

 


more security information with TLAnews ...

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: juillet 27, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.