Slashdot Mirror


Interview with Eugene Spafford

scubacuda writes "Dr. Eugene 'Spaf' Spafford, security expert and professor of Computer Science at Purdue University, talks with Greplaw about what drove him to the computer security field, what it's like to testify before the White House and Congressional committees on information security and public policy, and how legislating technology is 'bad law.' For you budding legal geeks interested in forensics, technology, law, and ethics, Spaf has provided a reading list."

168 comments

  1. This guy rocks by PissingInTheWind · · Score: 5, Interesting

    I saw him recently in a conference. He talked about how we all need as Americans to make sure we know how to stand in the menace of the actual "orwellian" (his words) government policies.

    He sure knows his stuff and is a great source of inspiration for all of us.

    --

    A message from the system administrator: 'I've upped my priority. Now up yours.'
  2. not impressed. by Anonymous Coward · · Score: 0, Interesting

    Ah, Spafford. The guy who said RTM should be jailed for an accident with a worm - what a nice guy. NOT.

    Before giving this guy big hugs and kisses think about what he stands for. Sure, he has a book or two published, by O'Reilly no less. But he's the kind of guy who believes in DRM, DMCA, inflated estimates of "damages" in hacker cases and jail for anyone who so much as sniffs the wrong port. In short a net.nazi.

    1. Re:not impressed. by JoeShmoe950 · · Score: 2, Insightful

      I think he is good for the same reason. Hackers, in the cracker sense, do deserve large amounts of jail time. If you steal a CD, you're fined more than the $30 retail value. You contribute to the worms and viruses which ruin many new computer users' Internet experiences, take down websites, etc., you deserve big time and fines.

    2. Re:not impressed. by Anonymous Coward · · Score: 0

      Obviously one of those Newt Gingrich disciplinarians. However you don't seem to know your history - at the time of the RTM worm there was no "contribute", only "invent", unless you count science fiction. Sometimes Hacker/Cracker is very blurry.

      (And don't follow the parent's links, unless you like billions of popups and popunders and other bullshit.)

    3. Re:not impressed. by Anonymous Coward · · Score: 2, Insightful

      Take it from me, he isn't like that, and yes I had him guest lecture in my Ethics in Computing (PHIL 590?) class so don't say I don't know what the hell I'm talking about; unfortunately he hasn't taught CS426 in a long time :(

    4. Re:not impressed. by Ogrez · · Score: 4, Informative

      In reading your post, it becomes obvious that you don't have any clue what you're talking about. I will give you a brief portion of his testimoney before Congress on July 24th 2003.

      More recently, provisions of the Digital Millennium Copyright Act (DMCA) have led to faculty being threatened with lawsuits for publishing their security research, and some faculty (Fred Cohen and myself included) have decided to curtail or stop our research in some areas of security because of the potential for us to be arrested or sued. This is particularly true in the area of software threats -- the very same tools and techniques necessary to reverse-engineer and protect against malicious software are seen as a threat by many in the entertainment and content provision industries. Legislation against technology instead of against infringing behavior can only hurt our progress in securing the infrastructure.

      --


      Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
    5. Re:not impressed. by Anonymous Coward · · Score: 0

      And how much was he paid, in "testimoney" then? Is it worth more or less than monopoleymoney? What portion do I get?

      Spafford's fear of the DMCA applying to him does not preclude his support for it.

    6. Re:not impressed. by coj · · Score: 1

      You're completely off-base re: his feelings about DMCA and DRM. Spaf has expressed numerous times publicly and around the office that he does not agree with current legislation related to fair use, and especially where it limits legitimate research.

      Spaf is an incredibly nice, easy-going guy who actively encourages open-mindedness and responsible exploration. Anyone who spends 5 minutes with the guy would realize that.

    7. Re:not impressed. by Anonymous Coward · · Score: 0

      Fucking B? You mean you fucked him for a B? Maybe if you fucked him *and* sucked him you'd have gotten an A. Then again, if you'd gone to class, listened attentively, completed the necessary work INSTEAD of sitting & drawing pictures with your crayons and dreaming up how to write new worms, you wouldn't bellyache about your grade of a B, right?

    8. Re:not impressed. by Endive4Ever · · Score: 1

      I wonder if he has any suggestions for me on cracking the password file on the Purdue University Sparc box I bought at auction that has Solaris on it? The drive is 'set aside' because I couldn't get into it, but I can plug it back into the machine as a second drive and mount it if I want.

      --
      ---
    9. Re:not impressed. by jcr · · Score: 1

      The guy who said RTM should be jailed for an accident with a worm - what a nice guy.

      RTM did a lot of damage doing something he should have known not to do. I wouldn't let him cop a walk if he botched an unauthorized chemistry experiment and burned a lab down, either.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    10. Re:not impressed. by Alsee · · Score: 1

      Actually there's a much better congressional testimony quote on the DMCA. Page 13 of the following PDF (labeled page 11 in the text) says:

      8. Revisit laws, such as the DMCA, that criminalize technology instead of behavior. It is extremely counterproductive in the long run to prohibit the technologists and educators from building tools and studying threats when the "bad guys" will not feel compelled to respect such prohibitions.

      It's a rather diplomatic way of asking them to repeal the DMCA.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    11. Re:not impressed. by commodoresloat · · Score: 1

      He must've got him confused with that Spamford guy, Spamford Wallace or something... :)

    12. Re:not impressed. by Anonymous Coward · · Score: 0

      That's why there's a big ol' degausser down in the basement of MATH -- for wiping hard drives. All of the old drives I've sent to salvage have wiped with it, and thus destroyed.

    13. Re:not impressed. by rkhalloran · · Score: 1

      (a) The Worm did more damage in its day than almost anything seen since. And it was no accident, AC: RTM had interned at BTL and was intimately familiar with Unix internals. The only accident was that his delay counters were too small and spread the worm much faster than he'd intended.

      (b) RTFA: Spaf has no interest in DRM/DMCA/etc. other than the chilling effect it's had on several areas he'd been working in and now doesn't dare to for concern of becoming the next Ed Felten.

      Spaf's rep is impeccable IMHO.

    14. Re:not impressed. by jo42 · · Score: 1


      Have you tried Googling for resetting the root password on Solaris?

  3. It's a complicated matter... by Deraj+DeZine · · Score: 4, Funny
    what it's like to testify before the White House and Congressional committees on information security and public policy

    Define "like."

    --
    True story.
    1. Re:It's a complicated matter... by Anonymous Coward · · Score: 0
      Define "like."

      ok, like

      v. liked, lik·ing, likes
      v. tr.

      1. To find pleasant or attractive; enjoy.
      2. To want to have: would like some coffee.
      3. To feel about; regard: How do you like her nerve!
      4. Archaic. To be pleasing to.

      v. intr.

      1. To have an inclination or a preference: If you like, we can meet you there.
      2. Scots. To be pleased.

      n.

      Something that is liked; a preference: made a list of his likes and dislikes.
  4. Re:First mccutcheon north post! by Anonymous Coward · · Score: 0, Offtopic

    are you kidding? Spaf and attallah love feeding students their own opinions, and I have to hear them regurgitate to appear smart. They are considered good profs cause the students don't have to think for themselves.

  5. The interviewer wasn't listening by ObviousGuy · · Score: 5, Interesting

    It's great how the interviewer opens up the topic of virii and Spafford replies quite clearly that virii are not things he studies and that he can give references to other experts if the interviewer so wishes. Then the interviewer just plows ahead trying to make out like virii are the key problem in computer security.

    At least Spafford was a good sport and continued doing his best to try to bring all of the subsequent virus questions back into the umbrella of computer security.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:The interviewer wasn't listening by Vellmont · · Score: 2, Insightful

      My guess is this interview was done over email. Spaf refers to "see my answer above" at one point, which indicates to me the interview wasn't done in real time. There's also no follow ups, or referring to previous answers in any of the questions, all telltale signs of an email interview.

      The journalist is still at fault of course. Roger Rustad should have done his homework and found out that Spaf doesn't research viruses. He wasted half his questions on this fairly boring topic. Anyway, it sounds like Spaf is mostly an administrator and doesn't do much of his own research.

      --
      AccountKiller
    2. Re:The interviewer wasn't listening by scrod · · Score: 1

      Well, he certainly did a pretty decent job analyzing the 1988 Internet Worm.

    3. Re:The interviewer wasn't listening by Endive4Ever · · Score: 1

      Yes, and a worm is an entirely different thing than a virus.

      Of course, many ignorant people these days just refer to anything bad that 'gets' on their computer due to malware as a 'virus.'

      --
      ---
    4. Re:The interviewer wasn't listening by Anonymous Coward · · Score: 0

      The interviewer asked him what he thought about SoBig and Blaster specifically. He replied that he does not study "these emerging forms of worm/virus/etc." After that reply the interviewer didn't ask him any questions about "emerging forms of worm/virus/etc." Instead, the questions were about motivation, defense, legal implications, etc. involving viruses.
      The interviewer was rather obviously coming from a legal background rather than a computer security background and for whatever reason chose to focus the interview on viruses.

    5. Re:The interviewer wasn't listening by scubacuda · · Score: 2, Informative
      "Plowed ahead."

      Good call. I sent him a list of the questions several months ago and he just returned them the other day.

      When I saw the direction he took it at the beginning, I considered adding/editing/rewording my original list of questions to fall under that umbrella. For better or worse (perhaps worse) I went ahead and published what I had.

    6. Re:The interviewer wasn't listening by Anonymous Coward · · Score: 0

      No, he clearly explains that "viruses" are not the things he studies.

  6. Be very cautious when legislating technology by ElliotLee · · Score: 5, Insightful

    Technology typically finds its own solutions to problems, which makes many laws incredible nuisances, stifling innovation.

    1. Re:Be very cautious when legislating technology by Xilo · · Score: 2, Funny
      Technology typically finds its own solutions to ... many incredible nuisances

      Like Sharpies?

      --
      Read; Write; Execute
  7. CERIAS by fitch609 · · Score: 0, Offtopic

    I work in the building next to CERIAS and they are in one of the worst buildings on campus... They are definitely some smart people though. Spaf is an awesome guy and great teacher.

    1. Re:CERIAS by pirodude · · Score: 1

      MA, CL50, University or BEER :) ?

    2. Re:CERIAS by Anonymous Coward · · Score: 0

      the above poster does not drink and only said that to be cool

    3. Re:CERIAS by jsweval · · Score: 1

      Don't forget about their mirrors for many linux distros and NTP servers!

      Nothing like having a NTP server less than 10 miles away!

    4. Re:CERIAS by probbka · · Score: 1

      yeah it's BRNG fool

      --
      Only requirement for good karma: be pedantic as much and as often as possible.
    5. Re:CERIAS by coj · · Score: 1

      The second floor offices aren't so bad -- I'm glad we don't have to be up on the fourth floor. Those history grad students are scary.

    6. Re:CERIAS by coj · · Score: 1

      Wow, people use the NTP servers? The sysadmins will be glad to know that all of the bs they've had to deal with getting the new ones up hasn't been in vain.

    7. Re:CERIAS by pirodude · · Score: 1

      You mean LAEB :)

    8. Re:CERIAS by Raynach · · Score: 1

      Why argue? It's the liberal arts building! ;)

      --
      - A
    9. Re:CERIAS by cide1 · · Score: 1

      Except you block the damn bathrooms from the first floor, and I always, without fail, go up the wrong staircase. And there is this great sign telling you, no through traffic. One day, I got mad, and I walked through anyway, and I got away with it.

      I'll bet like 5 people who read this article will have any idea about which building I'm talking about. Those who do, don't you feel my pain?

      --
      -- the computer doesn't want any beer, no matter how much you think it does. NEVER, EVER feed your computer beer.
    10. Re:CERIAS by Anonymous Coward · · Score: 0

      STOP. THIS IS NOT A PUBLIC AREA.
      *** CERIAS ***

      Yes, I feel your pain too. Recitation is a really weird spot for them to be anyway, I think.

    11. Re:CERIAS by Anonymous Coward · · Score: 0

      Even better.. the new Instruction Annex on LAEB is the LAEBIA!!

    12. Re:CERIAS by mrwonka · · Score: 0

      Have you been into the CERIAS labs though ? They have some good equipment.

      C

    13. Re:CERIAS by coj · · Score: 1

      We generally don't yell at people for walking through. I only get testy when I find people sleeping on the benches outside my office. This ain't a bus station, kids.

    14. Re:CERIAS by Anonymous Coward · · Score: 0

      Hm. last I checked it was a bunch of SUN thin clients with smart cards.

      Fairly spartan but at least they're true to the overall theme there.

    15. Re:CERIAS by fitch609 · · Score: 0

      None of the above...it's Recitation.... although I wish I had some BEER right now

    16. Re:CERIAS by fitch609 · · Score: 0

      I definitely think those grad students up on the 4th floor are scary. I have to work up there sometimes and they are just really creepy. Everytime I go up there they are always arguing about some historical fact and it still doesn't cease to amaze me.

    17. Re:CERIAS by theCoder · · Score: 1

      One of the PhD students is teaching our cs426 class right now...

      Heh, I had CS426 taught by Spaf himself :P

      Do they still have the lab where you get to play around with a UNIX shell script virus?

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  8. architectural differences? by Frisky070802 · · Score: 4, Interesting
    I'm curious about Spaf's comment that the prevalence of worms on Windows is due to architectural differences rather than market share. Is there proof of this? Certainly people write worms/virii for Windows because it's easier, but also because it's so much easier to hit critical mass.

    It's also worth noting that of the 3 UNIX worms he mentions, one, the RTM worm, hit long before it was fashionable to spread things in Windows. The architecture not only permitted it, the holes had been around for ages.

    Interesting that Spaf said RTM should be jailed for unleashing that worm. If he had been, would he be an MIT professor now?

    --
    Mencken had it right. So glad that's old news.
    1. Re:architectural differences? by zcat_NZ · · Score: 3, Interesting

      I'm curious about Spaf's comment that the prevalence of worms on Windows is due to architectural differences rather than market share. Is there proof of this? Certainly people write worms/virii for Windows because it's easier, but also because it's so much easier to hit critical mass.

      A year ago, I would have agreed with this point of view. Internet Explorer, Outlook Express, IIS, and Windows itself were crawling with major security issues that different worms and viruses could exploit.

      Nowadays, viruses are starting to arrive as a zipped, passworded attachment, relying entirely on social engineering tricks to fool the user into running the virus.

      If Linux were the predominant desktop operating system, I think these viruses would still be arriving, as gpg-encrypted rpm's or tarballs, and the same users would still be fooled into installing them with root privileges.

      --
      455fe10422ca29c4933f95052b792ab2
    2. Re:architectural differences? by zcat_NZ · · Score: 5, Interesting

      Allow me to respond to myself;

      The problem is no longer with the Operating System itself. The problem is that most users care far too little about how the operating system works, and are much too trusting.

      Say, for example, that you came back to your car one day, and there was the following note on the windshield.

      "Helpful advice from another motorist; your engine has become clogged with a black, sticky residue which may be slowing it down. You can remove a plug from the bottom of the motor and drain this gooey stuff out, and your car will run so much better. Pass this advice on to everyone you know"

      Most people would know enough about their car to recognise that this is not good advice, yet they will happily install 'updates', submit banking details to suspicious websites, or delete arbitrary files out of /windows/system32 with barely a thought.

      See what I mean?

      --
      455fe10422ca29c4933f95052b792ab2
    3. Re:architectural differences? by Xenographic · · Score: 1

      Uhh, unless my knowledge of history is off, RTM's worm hit only Vaxen...

      Yes, Vax/VMS, an OS so ancient, I've used it but a little. Enough to believe that it's not very UNIX-like at all, at least...

      Y'know, there was once a time when people believed that worms (not viruses) could be helpful/useful... of course, that has long since been disproven...

    4. Re:architectural differences? by Anonymous Coward · · Score: 0

      See what I mean?

      People are stupid?? Welcome to real life.

    5. Re:architectural differences? by Brandybuck · · Score: 1

      Sometimes this social engineering can be much more clever than baffling them with tales of sludge in the engine. Think of the recent emails from "Microsoft" with an update.

      The equivalent analogy to this with cars is finding a note saying that the local police station is providing free smog checks, with an address to a place in a bad part of town. If you did not know that the police have nothing to do with smog checks, you might believe the note. And if you didn't know that the address was not correct, you might drive there just in time for a mugging.

      --
      Don't blame me, I didn't vote for either of them!
    6. Re:architectural differences? by Anonymous Coward · · Score: 0

      Yeah, your history is wrong. It hit mostly Sun boxes, because they were running most of the Net. SunOS is based on BSD, which was originally developed on a VAX.

      aQazaQa

    7. Re:architectural differences? by Mikkeles · · Score: 1
      ' Uhh, unless my knowledge of history is off, RTM's worm hit only Vaxen...

      Yes, Vax/VMS, an OS so ancient, I've used it but a little. Enough to believe that it's not very UNIX-like at all, at least...'

      No, the worm only affected VAXen running 4.3BSD and sun 3 systems. It took advantage of flaws in sendmail and, IIRC, fingerd. VMS systems were unaffected by this.

      --
      Great minds think alike; fools seldom differ.
    8. Re:architectural differences? by don.g · · Score: 1
      Most people would know enough about their car to recognise that this is not good advice
      Most? Most people you know, or most people in a representative sample of the population of western society?
      --
      Pretend that something especially witty is here. Thanks.
    9. Re:architectural differences? by Rupert · · Score: 1

      The architectural differences in your analogy are: MS cars have a button on the outside of the hood that dumps the oil. This is a feature that users demanded, but the people who implemented it did not consider that someone other than the authorized driver might want to push it.

      --

      --
      E_NOSIG
    10. Re:architectural differences? by Frisky070802 · · Score: 2, Interesting
      A funny anecdote for you here....

      I was working on the Sprite project at Berkeley at the time the worm hit. Sprite was largely UNIX-compatible, but at the source level, not binaries. So we saw evidence that one aspect of the system had been compatible enough to be attacked, with a certain file in /tmp that was evidence of worm activity, but it never actually got in because other things were different enough. Let's hear it for genetic mutations....

      While others were cheering that it hadn't been compatible enough to be effectively attacked, I was the one who'd done most of the UNIX compatibility, and my thought was "wow, we were compatible enough for it to get in and write tmp files! Cool!" :)

      --
      Mencken had it right. So glad that's old news.
    11. Re:architectural differences? by zcat_NZ · · Score: 1

      On reflection; I think the problem is more a matter of scale, and ease of (mis)use.

      If you told enough people to drain the oil from their cars, with a plausible reason for doing it, perhaps a number of them would. Especially if it was as easy as removing a file from /windows/system32.

      The same applies to telling everyone they know.

      Computers make lots of tasks easy; they don't differentiate between intelligent, productive tasks and pointless or destructive actions.

      --
      455fe10422ca29c4933f95052b792ab2
  9. Spaf?! by Anonymous Coward · · Score: 3, Funny

    If he's so smart, why couldn't he think up a better nickname? I rest my case.

    1. Re:Spaf?! by Anonymous Coward · · Score: 0
      Simpsons:

      Judge: You rest your case?

      LH: Oh I'm sorry I just thought that was a figure of speech.

      LH: Case closed.

    2. Re:Spaf?! by Anonymous Coward · · Score: 0

      Please die, kthx...

  10. gu by Anonymous Coward · · Score: 0

    &
    \sd
    s
    dg
    sg
    #65274

  11. Should there need to be a security field in IT? by Anonymous Coward · · Score: 0, Redundant

    Most exploits are caused by M$ due to their overwhelming greed. Would we need security in IT if M$ could get their act together?

    What they need to do is get RMS on board to give them some clue about how to go about distributing software in a way that will reduce the number of errors. After all, FOSS has a far faster turnaround time for fixing reported bugs.

    Also, if they stopped outsourcing, then the quality of the final product should improve. Take Linux on the desktop. A fine SECURE product, produced with no outsourcing at all!

    So logically, if all software was FOSS, then we would not need IT Security consultants.

  12. Spaf... hacked .. ???? by OneArmedMan · · Score: 2, Interesting

    I really don't know anything about Spaf, but I think that I read somewhere once, that back in the day ( late 80's early 90's ) his personal machine at MIT or Purdue or wherever he was at the time got hacked fairly badly ..

    anyone have any memories of this ??

    or am I just having a bad Acid Flashback .. ???

    1. Re:Spaf... hacked .. ???? by inode_buddha · · Score: 1

      Yeah yer ok -- he mentioned it in one of his articles (can't be arsed to dig it out ATM). Back when Clifford Stoll was going big-time IIRC. Speaking of hacks, was anyone else reading this thread at 0? The whole 8878xxx UID block woulda been banned if it was me...

      --
      C|N>K
    2. Re:Spaf... hacked .. ???? by OneArmedMan · · Score: 1

      oh, ok cool .. so I didn't imagine it, I might have to have a bit more of a dig to see if I can find it again..

      more so for the "how he dealt with it" and "what happened that he could tell" point of view , rather than a *haha he got hacked* .. cause getting owned is teh Suxzor! no matter who you are ..

    3. Re:Spaf... hacked .. ???? by grover_99 · · Score: 1

      Spaf is mentioned in an online book called Underground about a group of hackers from Melbourne, Australia. Back in the 80's they apparently hacked his machine in order to steal something he had on there. It's mentioned in chapter 5.

    4. Re:Spaf... hacked .. ???? by aspeer · · Score: 2, Interesting
      There was a documentary on ABC (Australian Broadcasting Corporation) TV about two early Australian hackers/crackers, Electron and Phoenix. It was called "Breaking into The Realm".

      You can read an article/review about it here in the Melbourne Age. Eugene Spafford was interviewed in the documentary, and was a target of the above-mentioned hackers.

      I will use the term hacker from now on, but you can substitute the term cracker if you think it is the more "correct" term.

      My recollection of the documentary says that one of the hackers did claim to compromise one of Eugene Spafford's machines, albeit briefly. I cannot recall if Eugene Spafford confirmed this in the interview, but I doubt it (his confirmation, that is).

      Whilst it is impossible to verify what was claimed by the hackers, the tone in which it was told was not "boastful", and given the other systems that they were convicted of getting into (NASA etc), it does not seem fanciful that they did indeed compromise his machine for a short period of time - which does kind of go against what he claims in the article.

      In terms of the documentary, it was excellent viewing. It did not appear sensationalised or biased, and laid out the people and (sometimes) the motives behind some of these early attacks. Recommended viewing, if you can find it.

  13. CERIAS by newdamage · · Score: 2, Informative

    For those of you interested, CERIAS is actually a pretty impressive research group. One of the PhD students is teaching our cs426 class right now, and it's one of the few CS classes I've taken where I'm actually learning practical knowledge about computer security.

    Go Boilers!

    --
    ce n'est pas un Sig.
  14. Interesting Read by value_added · · Score: 5, Interesting

    Overall, an article worth reading. Two things I found worth noting. First, the "false convenience" metaphor in

    "So long as false convenience and poor design are more important to the average user than security and safety then we are going to have problems."
    I thought was an excellent way to characterise the arguments often raised when such things as user education, simple point-and-click interfaces, administration costs, etc. are the topics of discussion. Also, when asked,
    "What is your preferred platform - Wintel, Linux, MacOS, or....?"
    the response is notably diplomatic:
    "It depends on the application need. No one system (or language or database or...) is ideal for every use. I'm a big believer in using the right tools for the right jobs."
    but then goes on to mention:
    • primary system - Mac OS X (owns 5 Macs)
    • mail and file server - Solaris on a Sun box
    • laptop - OpenBSD
    • tablet PC - Windows
    1. Re:Interesting Read by Barto · · Score: 2, Insightful

      Which is contradictory how? Make sense not you do.

      He owns a Mac box for desktop use, Solaris for his server, a Windows tablet PC (there really is no functionally equiv. alternative tablet platform) and OpenBSD for his laptop (really the only odd one out, probably as his system for x86 coding).

      Looks to me like he's chosen "the right tools for the right jobs," just like he says in the article.

      Barto

    2. Re:Interesting Read by Chuu · · Score: 2, Informative

      About the tablet PC, every CS professor at Purdue University got a free tablet PC from Microsoft, as well as a donation of enough for a class dedicated to tablet PC applications (more info: http://www.cs.purdue.edu/homes/cmh/490T/). I believe Microsoft also donated a couple hundred (!) PocketPC's for Purdue's e-stadium project. I wouldn't read too much into the fact he owns a tablet.

    3. Re:Interesting Read by Anonymous Coward · · Score: 0

      Microsoft didn't donate the Pocket PCs for the e-stadium project. Those were purchased by ITaP for instructional uses and were loaned to e-stadium because they weren't being used for anything else at the time.

  15. all you need to know about information security by theMerovingian · · Score: 2, Funny
    --
    "If you think you have things under control, you're not going fast enough." --Mario Andretti
  16. Similar Names... by CedgeS · · Score: 4, Funny

    Great! Now I can find all the tech law websites I want with one simple command:

    cat internet | egrep -i gr[:vowel:][:explosive\ consonant:]law

    Which reminds me, I really wish multi-character atoms would work with reg-ex. The spec calls for them, but they haven't worked in any implementation I've used.

  17. I have to agree. by Anonymous Coward · · Score: 0

    If Academia was deemed immune from the provisions of the DMCA I'm convinced that his ilk would come roaring out in complete favor of it again. Big difference when these things apply to yourself, huh...

  18. Moderators RTFA by woodhouse · · Score: 1

    Moderators, at least have a cursory R of TFA before modding this crap up. This guy is either trolling or he's smoking crack (or both). His post bears no resemblance to reality.

  19. Problems with Academia. by Anonymous Coward · · Score: 1, Insightful

    The problems that I see arising are when people like Spaf have a significant influence on the maturation of the computer crime field. This, from a practitioner's point of view, is frustrating as people such as Spaf have rarely left their offices and campuses, have little to no experience (in comparison), and often pontificate loudly.
    I know how little they are actually doing up at CERIAS in regards to forensic analysis. They have 1 guy working on research, and another guy who releases tools that have an interface that sucks like a cheap whore. Again, they have not left their offices. (Smart dudes of course, but no exp.)
    We don't want computer security types. We need AFS to set up certification.

    Computer Security != Computer Forensics, for fooks sake.

  20. I always enjoyed his lectures by frinkster · · Score: 2, Interesting

    He's quite the story teller and can relate one to almost every security issue there is. His class was the kind where you almost didn't realize you were learning until it was too late - the final comes and you ask yourself how you learned all the answers.

    It was even interesting to see who he lined up as a guest lecturer each time he had to fly to Washington to brief the Government on something. They all had some weird story about security lapses somewhere important.

  21. HAHAHA HE COPYD OUT OF TEH DICIONARY +5FUNAY!!111 by Deraj+DeZine · · Score: 1

    No, really, that was funny. I'm just a fan of crazy subject lines.

    --
    True story.
  22. MOD DOWN, TROLL by Anonymous Coward · · Score: 0

    Christ, did you do any research before posting your blather? Also, why the fuck are you modded up to 4, Interesting?

    Lay off the crack, friend.

  23. True Story by CajunArson · · Score: 3, Interesting

    It's boring but what the hell....
    I graduated from Purdue undergrad ECE in '02 and with the job market the way it was back then I knew I'd go to grad school. I had picked up a big interest in infosec my last year there so I emailed Spaf about opportunities in grad school. As soon as he found out I was a lowly Computer Engineer he basically said I shouldn't bother.
    So I ended up at Carnegie Mellon instead, and I just finished my MS in Information Networking with a focus on security, I even got to write a Mandatory Access Control system for Linux for my thesis.... Hey Gene? Am I up good enough to be a grad student now?

    --
    AntiFA: An abbreviation for Anti First Amendment.
    1. Re:True Story by harikiri · · Score: 2, Interesting
      I felt a similar attitude when I was looking into Centre for Computer Security Research at University of Wollongong. Back then instead of actually studying, I was porting Route's Trusted Path Execution patch for Linux (and I think OpenBSD) across to FreeBSD and learning how to program with the openssl libraries.

      I ended up dropping out of university and moving into the computer security industry full time, and haven't looked back since. Off and on, I've had to write some code for a work-related project, but not that often (usually use commercial security solutions).

      I suspect some of these security guys who have been around a long time, whether they know it or not - develop an ivory tower complex. Nobody knows how to do anything better than they can, because they've seen it all - or you have to prove yourself by being an honours student or something.

      Bah! I say... I'm making more money than you smelly students anyway! ;-)

      --
      Man watching 6 MSCE's around a sun box, looks a lot like the opening scenes of 2001:space odyssey...
  24. Because you're clueless by devphil · · Score: 1


    The Great Worm, in its day, took down a far larger percentage of the Internet than ILOVEYOU or any of its ilk. We clamour for something to be done to those authors, who clearly have caused billions of dollars of loss, but look on older crackers with these weird rose-colored eyeglasses.

    Read spaf's published analysis of the Great Worm sometime. (It was written a few days after the event.) The maliciousness was all there; fortunately, RTM was half-incompetent. Chunks of the code didn't even work and it still wiped out most of the net.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  25. Bonus Spafford interview by securitas · · Score: 3, Informative

    scubaduba, interesting interview. I see some of the same themes that he's talked about in the past. He is quite concerned about the effects of technology on the average person which he discusses in some detail in the interview linked below.

    Here's an interview with Eugene Spafford in two parts that outlines a lot of the issues that he's concerned with. It provides some background and insights into his thinking. I found his views on the purpose of security technology especially interesting and somewhat unexpected. The same goes for his indirect criticism of Microsoft, which speaks to his comment in the Greplaw interview about 'using the right tools for the right jobs.'

    Description courtesy of Bruce Schneier's Crypto-gram:

    Long and interesting interview with Gene Spafford, about the infosec threat landscape; privacy; the challenges of digital certificates, CRLs, public key infrastructure standards and interoperability; key escrow, backup and recovery; identity fraud; trust on the Internet; and the problems of security education today. Sample quote: "Security doesn't work as an add-on. It really needs to be built-in from the beginning."
  26. He is very naive by Anonymous Coward · · Score: 0

    It's a case where our elected representatives and their staff are really trying to understand complex issues and do the right thing.

    Incredibly naive for someone of his age.

  27. GrokLaw, GrepLaw... by phallux · · Score: 1

    ...what next, GropeLaw?

  28. Re:Cat got your tongue? (something important seems by Anonymous Coward · · Score: 0

    Funny! It's a wonder nobody else has come up with the idea of fake funny links like that. Kudos.

    Don't bother with the mods. They're born stupid so they wouldn't understand what's hilarious about "poking around" on Spaf's personal computer.

  29. Missing Comment by 4of12 · · Score: 1

    A nice interview, but I would be interested to see what Spaf's views are on TCPA.

    --
    "Provided by the management for your protection."
  30. Pontification by metamatic · · Score: 2, Informative

    Speaking of Spaf pontificating loudly, don't forget to read the "Farewell To Usenet" message he posted back in 1993, defining that it was the end of an era for Usenet because he was bored with it.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  31. Nor is it an Office Supply Center by Praxxus · · Score: 1

    Damn kids coming in wanting to borrow my damn stapler. They're worse than stray dogs.

    --
    Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
  32. mods: please mod UP by uucp · · Score: 1

    It seems that people are calling "bullshit" on this and claiming the AC is a troll, which is understandable.

    I've got to say, though, I agree with AC. Spaf's a dick. "In short a net.nazi" is a PERFECT description of Spaf. Now I haven't had to deal with him for a long time, and maybe he's changed for the better. I certainly hope so; but, if this AC's impressions of Spaf were formed around the same time as mine were, then I can understand where the poster is coming from.

    So, no, I don't find this post to be a troll. He may be wrong in thinking that Spaf is pro-DMCA, but the Spaf I've spoken with was most certainly not an open-minded guy who "actively encourages responsible exploration" as others here have claimed.

    --
    Sig (appended to the end of comments you post, 120 chars)
  33. Publish findings anonymously. Problem solved. by Anonymous Coward · · Score: 0

    What is more important to you as a researcher?

    Recognition (and possible prosecution)?...Or the public at large which will benefit more from your findings than the companies would if such findings were suppressed by the DMCA.

    'Beale Screamer' and 'the RC4 divulger' did this sort of stuff the right way. To this day, nobody knows who they are. Surely, their efforts will be remembered long after people like Dmitry Sklyarov, who was punished publicly for his efforts, are relegated to the dustbin of history....

  34. Define "like" by valdis · · Score: 1

    "It's unpleasantly like being drunk."

    "What's so unpleasant about being drunk?"

    "Ask a glass of water that sometime..."