> There's this perception that there's a vast number of really talented gray
> and black hat hackers. I would argue that this number is MUCH smaller
> (less than 100?) and that there is an equal number of good guys in
> security. How many "Mudge" type people exist in the world? You can
> start to count.. Mudge, Hobbit, Weld Pond, and the names and numbers
> dramatically decrease from there. On the flip side, we have Casper Dik,
> Wietse Venema, Steve Bellovin, Eugene Spafford, etc that are good
> infosec people who are just as much or more technically competent than
> gray hats, they just don�t post and brag about their exploits.
Of course, you can't argue numbers if you're not even sure of the
definition.
Casper Dik:
Lesse.. Here he is pointing out security holes in Linux.. why would a
security professional do that, especially in a competing product? (He
works for Sun.):
http://www.securityfocus.com/templates/archive.pike?list=1&date=1995-02-08&[EMAIL PROTECTED]
Wietse Venema:
Co-author of SATAN. Talk about releaseing exploit code for the script
kiddies.
Steve Bellovin
Here he describes how to fake DNS names to break into systems:
http://www.research.att.com/~smb/papers/dnshack.pdf
Eugene Spafford:
Take a look at one of his class descriptions:
http://www.cerias.purdue.edu/homes/spaf/CS590T/index.html#desc
He's teaching students to break into systems. And yet, he has
commercial interest in tripwire.com. Hmm.
Ryan
(Now, nobody get your panties in a bunch. I'm obviously pointing these
things out to make a point. I'm sure my hat is a darker shade than any of
theirs.)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
