Re: [MV] SS Re: [MV] anybody know this man?

From: Dave Winslow \(Dad\) (David@Winslow.mv.com)
Date: Sat Sep 20 2003 - 12:01:53 PDT


From: "David Cole" <DavidCole@tk7.net>

> Wow, this thread has really gone over the edge.
>
> Steve, I'm going to guess that you don't have any kids. Since if
you did
> you would know that kids sometimes do things they are not suppose to
and
> sometime's parents don't always catch them before something goes
wrong. To
> my knowledge, this Kid-Parent type relationship has been going on
for
> thousands of years in sort of the same manner.
>
> Sometimes Kids get into stuff that they should not and do some
damage. Is
> that wrong, of course. Should we hang them so they don't do it
again, I
> don't think so.

In affect you are saying we should knowingly use less than the
punishment necessary to ensure protection of innocent people? Why, is
that not the purpose of law to begin with?

Why is the delinquent kid more entitled than the future victim?

> My point regarding software and security is that: When a kid, with
minimal
> education and some time to cause mischeif on a generic computer can
cause
> great harm to a "secure" server, there is a problem with the server.

That is true, but only because there are such undisciplined kids to
begin with. To carry your thought farther, we should blame those who
fail to lock their car when it is stolen, or we can go even further,
to blame those who do not install security alarms. The principal is
the same, we owe each other honesty first, and only when that breaks
down must we then protect ourselves with locks or tighter and tighter
software.

> both know that the kid should not be doing this, granted. But there
is a
> bigger problem with the server, since we both know that there are
experts
> out there also, who can do a much better job hacking a server than
some kid
> doing some hacking in the living room. This should serve as a wake
up
> call.

The kid is not likely to know how to hack anything from his own
knowledge, but picks it up the others as it spreads around the
Internet. And it is not at all easy to hack, I have spent many hours
trying to get into a system I was perfectly authorized to get into.

> Ok, so the kid should go to counseling and the kids parents should
be fined
> $1000 for letting him get into trouble, but thrown into jail? Yeah
right.

The kid, with or without his parents help, should pay for every moment
of inconvenience and lost business caused by his actions. That is only
to say that he should be held responsible for his actions.

> We would all be better off if someone asked the kid how he did the
hack,
> asked his friends what they know about hacking and build code into
the
> server that is resistant to such attacks. Because you and I know
that the
> expert hackers know one hell of a lot more than these kids.

I think you are minimizing the problem. Protective code is built into
all software, but unexpected holes show up just as bugs do. The
difference is that bugs occur from proper use, and become known
quickly. Security problems do not show up until it is too late.

> Your shoot the kid, ignore the security risk idea is a little over
the top.

How easy is it to steal a car? Should we excuse the little thieves
because someone came up with that thin metal strip or that keylock
puller? Should we blame the auto makers with our excellent hindsight?

> I've known a lot of kids that have come from very rough backgrounds,
were
> abandoned, abused etc. and very few have I found were anything close
to
> evil intended. They were simply a result of their environment and
most can
> be helped with some attention.

I am also very sympathetic, but that is no reason to expose future
victims to them. And, in the case of kids particularly, the punishment
should be aimed at correction. Public humiliation would be good, that
kid caned in Korea was it, bet he has not done much vandalizing since.

> I just don't understand why some people come to Microsoft's defense
over
> and over again. They have produced some really crappy software that
has
> created major security holes in America. They have a protected
monopoly
> over the software they produce and for some reason a lot of people
think
> this is ok.

Microsoft writes crappy code for sure, but mine is not always perfect,
and I sure wouldn't want anyone, other than my customers, telling me
how to write it. If you can tell Microsoft, you can tell me.

> BTW, if we had no guns in America, people would use knives and
sticks to
> kill each other. I am certainly not of the "the gun is the problem"
> mindset.
>
> Dave

I have 3 grown boys who never hacked. They all did program their
systems to swear at their brothers however.

Dave (another one)



This archive was generated by hypermail 2.1.4 : Sat May 07 2005 - 20:24:26 PDT