hi,
> 1. Is there an ethical issue with L0pht members developing Back Orifice 2000, the
>infamous backdoor, and then profit from a solution that protects against it?
well there are several ways to look at it. ever wonder if any of the virus co
perpetuate themselves? as well as most programs and services can be always used
for good or evil as can the 'mighty pen' so if a program is so powerful and
leverages what is available from a system does that make the program itself
necessarily bad? now look at it by tilting your head sideways so you see it
from both sides now;-)) how could BO be used for good? can it be? the argument
is yes.. therefore like most services it depends on the human factor IMHO.
> 2. With L0pht's known views on government and
> corporations, does it make sense for them to act as main counsel for the White
> House?
.. the truth is always somewhere in the middle..
> 3. Is there an issue with gray hat hackers that break into systems
> that are then employed as the protectors of those systems?
there is a very good article by Farmer on securing one's system by breaking into
it. (it is recommended reading although dated these days was relevant back
in the days. still is actually.) that is all that will be said here..
> 4. Are gray hats preferred for securing a firewall than a good security
> consultant?
.. some of the very best "SEC Consultants" R x-hackers.. good SEC people
need to see it from both ends anyhow again IMHO..
> 5. Does elevating these gray hat hackers as role models encourage young kids to
>break the law in an effort to become like L0pht?
again this assumes that gray hats are evil and that there is a "Man from Glad"
and that they have done something illegal and are criminals.. what have they been charged
with?
> 6. Should the press and media be glorifying the gray hat model?
.. no comment ;-}
> With L0pht, developing exploit tools, raising $10 million from venture capitalist
>for their new start-up company, should Mixter, the developer of distributed denial of
>service (DDOS) exploit tools, go raise money as well? If they can get Coolio,
>Mafiaboy, and Mixter together, they might want to borrow Lopht's business plan.
L0pht IMHO provides a great deal of public information on the
subject which can be used for good or evil. would you propose that
vulnerabilities be cloaked in obscurity? Security best practices and worst
practices should remain public knowledge otherwise you have security thru
obscurity which will leave you with the hard crunchy outer shell exposed l
which if one tilts one's head discovers is quite frail from a side view. How
many people on this list would be aware of their vulnerabilities if this was
not publicised by L0pht? just curious..
Best Regards.