However, if no viable alternative exists it's the lesser of two evils. A functioning police system and judiciary is a luxury and a means to an end, not a moral cause in and of itself. Spam and botnets currently lie mostly outside of the reach of the law, so if something is to be done about it it's going to be done by private forces. It's not so much a slippery slope as a slippery ladder, stretching back to before the first societies arose. And we still haven't found the bastard that soaped it up.
The difference here, of course, is that combing an application for bugs is not really a creative activity. You can get very creative when it comes to writing an exploit, of course, but that's still not so much about "ideas" and more about being very good at assembler programming/tossing around machine instructions.
Not so much ideas, as professional work. If you post bounties like this, people will send in whatever bugs they can scour out in hopes of getting paid. That means it's working. Think of it like this, how much do you think a closed-source security review on this scale would have cost?
Depression from darkness is really rare. I've never suffered it, nor have I met anyone who has - I think it's comforting. What's the real sanity killer is the midnight sun - full sunlight all night, so you basically need to nail the windows shut if you want to sleep. As the finnish guy wrote above, people only really tend to get down at autumn, but I've met people who get very agitated/disturbed when it gets brighter in early spring for some reason.
Yeah. But on the other hand, actual informed commentary would be lost on anyone but malware analysts/coders. Offensive computing has a sample and some initial dissection data at http://www.offensivecomputing.net/?q=node/1419, but anyone who would actually be interested already knows this.
Yes, that's how the legal system currently stands. What the parent was getting at was more a question of the good/evil/suffering/basic justice involved.
For a simple reason: coding exploits is fiddly, extremely fiddly, and if all the code is constructed using tweezers and needle by an exploitation expert it becomes secure almost automatically?
Why shouldn't it be illegal to be a dick, besides the argument that it would chill constructive debate? It's all about finding a reasonably objective definition of "dick", and how much people should tolerate. Like it's always been. In order to truly be free, you must be free from other people - and unfortunately the only current way to enforce this is creating a relatively impersonal system manned by people.
Sadism, deriving pleasure from others pain? Normal people have an emotional reaction when they percieve others suffering, so how easy wouldn't it be for a wire to get crossed and delivering pleasant emotions instead of painful?
Slightly OT, but I have met men who are sadists without being narcissists or psychopats (not in the BDSM sense, but "I would be euphoric if I set fire to a baby" sense), but who have moral inhibitions that seem sincere reflexive reactions. I cannot possibly begin to understand how these people's minds work subjectively, but I have a folk-psychological intuition I find useful in understanding some of the finer points of Asperger social deficits - on a deep level, all humans assume others to be like ourselves. So such a person might still find it intuitively acceptable to be cruel to others on a regular basis due to the "reward" afforded them, like a normal person would cut someone off in traffic on a rainy monday when late to work. It's just that the reward is completely unknowable to a person who isn't a sadist. One of these people work in the medical industry, and obviously enjoys (again, not just in the gallows humor sense) discussing gory injuries - but I still would consider him a good man. I suspect this is more common than one'd believe.
As long as they don't have kids and are of a sound mind and can support themselves, I don't care what people do to themselves. People in general don't really seem to like it when other people deviate in ways they think are central to being a self-aware human being, as if neurocognitive mechanisms was something written into the fabric of the universe. They same thing applies to me of course, but I try to restrict myself to basic morality - because not accepting people as they are in most cases contribute to suffering, and thus isn't moral.
You don't need to scale it like that. Depending on what you want to achieve, you only need to communicate with the relevant backbone routers. As for security, you can just man the router centrals physically with military personell that can use the military network (SIRPnet I think it's called) to recieve the shutdown orders. It's not like you have to drag fiber-optic cables all the way to the white house.
Only the problem is that people are led to believe that this would somehow protect the internet or the assets connected to it. I can only hope that "internet kill switch" is a code word for more granular segregation mechanisms, or that the U.S. media is just spinning a yarn and Unisys is fishing for contracts.
Nay, but most Americans have no idea about computers, let alone computer security. Ever tried explaining a buffer overflow stack-smashing attack to someone?
Re:Price due to 13 authors; more of a White Paper
on
CyberForensics
·
· Score: 1
Yeah. Almost all of the security knowledge regarding attack methods and proposed defenses floating around in public is in the shape of white papers (or bad rehashes of original whitepapers). This isn't really obvious, I think, but if you just know the lingo used for different attacks you can just google for them. It's like a professional continuation of the text-files apparently common up to the early-mid nineties. I don't know if there's any actual sale of white papers inside the security industry, as I've never worked there, but outside of exploits/PoC and major tools like Core Impact it seems unlikely.
"Cyberwarfare" sounds good. That's basically the only reason you need to use a word. It doesn't matter that to computer geeks "Cyberspace" is a word only old people and small children would use, with exceptions for use in manga and anime. Guess what? Those top generals, statesmen and experts? Pretty old.
Unless, god forbid, the kind of people who get into information security generally are the kind of personalities who would use whatever words required to communicate with others.
Slashdot Mirror
But that wouldn't be any fun.
However, if no viable alternative exists it's the lesser of two evils. A functioning police system and judiciary is a luxury and a means to an end, not a moral cause in and of itself. Spam and botnets currently lie mostly outside of the reach of the law, so if something is to be done about it it's going to be done by private forces. It's not so much a slippery slope as a slippery ladder, stretching back to before the first societies arose. And we still haven't found the bastard that soaped it up.
The difference here, of course, is that combing an application for bugs is not really a creative activity. You can get very creative when it comes to writing an exploit, of course, but that's still not so much about "ideas" and more about being very good at assembler programming/tossing around machine instructions.
A private exploit for a mass-market browser is an incentive in and of itself.
Not so much ideas, as professional work. If you post bounties like this, people will send in whatever bugs they can scour out in hopes of getting paid. That means it's working. Think of it like this, how much do you think a closed-source security review on this scale would have cost?
...But they aren't functional yet. I think it's mostly intended for e-gov, though.
Depression from darkness is really rare. I've never suffered it, nor have I met anyone who has - I think it's comforting. What's the real sanity killer is the midnight sun - full sunlight all night, so you basically need to nail the windows shut if you want to sleep. As the finnish guy wrote above, people only really tend to get down at autumn, but I've met people who get very agitated/disturbed when it gets brighter in early spring for some reason.
No, you're paying to an industry that centers around making itself obsolete.
Yeah. But on the other hand, actual informed commentary would be lost on anyone but malware analysts/coders. Offensive computing has a sample and some initial dissection data at http://www.offensivecomputing.net/?q=node/1419, but anyone who would actually be interested already knows this.
Author contact details are here: https://damagelab.org/index.php?showtopic=17952&hl=eleonore
The post is from last year, but there's a bump from the autor on the second page. I don't know russian, checked it out using google.
Yes, that's how the legal system currently stands. What the parent was getting at was more a question of the good/evil/suffering/basic justice involved.
For a simple reason: coding exploits is fiddly, extremely fiddly, and if all the code is constructed using tweezers and needle by an exploitation expert it becomes secure almost automatically?
Why shouldn't it be illegal to be a dick, besides the argument that it would chill constructive debate? It's all about finding a reasonably objective definition of "dick", and how much people should tolerate. Like it's always been. In order to truly be free, you must be free from other people - and unfortunately the only current way to enforce this is creating a relatively impersonal system manned by people.
Sadism, deriving pleasure from others pain? Normal people have an emotional reaction when they percieve others suffering, so how easy wouldn't it be for a wire to get crossed and delivering pleasant emotions instead of painful?
Slightly OT, but I have met men who are sadists without being narcissists or psychopats (not in the BDSM sense, but "I would be euphoric if I set fire to a baby" sense), but who have moral inhibitions that seem sincere reflexive reactions. I cannot possibly begin to understand how these people's minds work subjectively, but I have a folk-psychological intuition I find useful in understanding some of the finer points of Asperger social deficits - on a deep level, all humans assume others to be like ourselves. So such a person might still find it intuitively acceptable to be cruel to others on a regular basis due to the "reward" afforded them, like a normal person would cut someone off in traffic on a rainy monday when late to work. It's just that the reward is completely unknowable to a person who isn't a sadist. One of these people work in the medical industry, and obviously enjoys (again, not just in the gallows humor sense) discussing gory injuries - but I still would consider him a good man. I suspect this is more common than one'd believe.
As long as they don't have kids and are of a sound mind and can support themselves, I don't care what people do to themselves. People in general don't really seem to like it when other people deviate in ways they think are central to being a self-aware human being, as if neurocognitive mechanisms was something written into the fabric of the universe. They same thing applies to me of course, but I try to restrict myself to basic morality - because not accepting people as they are in most cases contribute to suffering, and thus isn't moral.
You don't need to scale it like that. Depending on what you want to achieve, you only need to communicate with the relevant backbone routers. As for security, you can just man the router centrals physically with military personell that can use the military network (SIRPnet I think it's called) to recieve the shutdown orders. It's not like you have to drag fiber-optic cables all the way to the white house.
Y'know, I don't really think I can take that statement at face value.
You just block the routing between two network segments, by giving a command to the router doing the routing.
Only the problem is that people are led to believe that this would somehow protect the internet or the assets connected to it. I can only hope that "internet kill switch" is a code word for more granular segregation mechanisms, or that the U.S. media is just spinning a yarn and Unisys is fishing for contracts.
Nay, but most Americans have no idea about computers, let alone computer security. Ever tried explaining a buffer overflow stack-smashing attack to someone?
Yeah. Almost all of the security knowledge regarding attack methods and proposed defenses floating around in public is in the shape of white papers (or bad rehashes of original whitepapers). This isn't really obvious, I think, but if you just know the lingo used for different attacks you can just google for them. It's like a professional continuation of the text-files apparently common up to the early-mid nineties. I don't know if there's any actual sale of white papers inside the security industry, as I've never worked there, but outside of exploits/PoC and major tools like Core Impact it seems unlikely.
"Cyberwarfare" sounds good. That's basically the only reason you need to use a word. It doesn't matter that to computer geeks "Cyberspace" is a word only old people and small children would use, with exceptions for use in manga and anime. Guess what? Those top generals, statesmen and experts? Pretty old.
Unless, god forbid, the kind of people who get into information security generally are the kind of personalities who would use whatever words required to communicate with others.
Well stop bugging me about not wanting buttons and I would have more time to get your tools done.
FTFY.