----- Original Message -----
From: "jt" <jt@xxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Tuesday, February 17, 2004 1:27 PM
Subject: RE: Be very careful from now on...

> There are very few things I disagree with Leif about, but this one Adam
> mentions is one. I find it Very hard to believe that anyone would suggest
> that "the code being out there puts everyone on even footing". Criminals
> are incented, and the assumption is that non-criminals will, in each and
> every case, be smarter than the criminals. I believe this to be a dangerous
> assumption, in the first place, and false due to the fact that criminals are
> the more highly incented.

But again, it is a point of view. I assume we can agree that, due to the nature of it, bad guys have more incentive to crack someone's program for personal gain than a good guy to spend time to crack it to fix someone else's work that he really isn't able to do legally. But say the code is freely available and legal to look at. With no fear of repercussion, the good guy can put time in as a good Samaritan or for their own benefit, whereas the true bad guy really gains no edge since he would have devoted time to reverse engineer it anyway. He is just being saved on that time. The bad guys are going to try to find flaws whether they are allowed to or not, whereas more good guys will try to find flaws, and report them, if they don't have to risk jail time.

> This is an arrogant assumption, imv, and not supported by any facts that I
> know of. Not that the good guys don't do an IMMENSE amount of good work,
> but it Only Takes One bad guy to be successful and the house of cards comes
> down. It doesn't matter How much good the good guys do, if that one bad guy
> is successful, unfortunately. Speed of correction is a moot point, once the
> ballot boxes have been stuffed and people wrongly elected.

And that is true, all it takes is one, but the point is trying to eliminate the amount of possibilities. More people auditing the code relates to a higher chance of discovering a bug. Windows has been regarded as an unsecure OS for a long time. Do you think if chunks of source code were freely allowed to be audited, it would make it even more unsecure?

> As Jim Franz just pointed out, there are very dedicated people who (either
> by looking at code, reverse-engineering, trial-and-error) ARE finding a
> large number of the most dangerous holes. There is a guy in Europe (forget
> name, and there are several groups, afaik) who has been doing this for
> years, and been quite successful in finding these flaws, by whatever
> techniques he uses.

And you wonder how much more successful they would be if they didn't have to spend time reverse engineering. Obviously there are very smart people out there that have their own motivation to crack software. Just as there are very smart bad guys out there that have motivation to crack software.