Nukie
03-May-2004, 11:19 AM
Should the latest security information regarding computers be so readily available to anyone (i.e. bugtraq)? Or is it the breeding ground for the most annoying kind of 'hackers', script kiddies?
Quote from a Linux magazine review on a security-related book ... "A good working knowledge of computer security issues and techniques obviously implies sharing a skillset with crackers and malicious users. Sharing such knowledge is viewed by some as a double-edged sword, and many security tools can easily be applied for a variety of purposes, some of which might push the legal envelope."
I've been on the bugtraq mailing list for a while now, and have noticed on occasion security experts detailing very simple procedures on how to gain access into a system. E.g. an SQL injection to gain administrative access on a widely used guestbook was recently noted. A simple search on Google returned dozens of genuine home pages hosting this guestbook, the majority of which were now '0wN3d by l33t h4x0rs'.
Should these bugs be so readily available or should this information be kept between the author of the software and the bug finder? It's also worth noting that these bugs are often resolved within hours but it could take months for people to get these updates, which could be too late.