"Advanced societies" are updating computer crime laws faster than the> >
rest of the world. This means that new generations of these more> >
"advanced societies" will have no clue about how remote computer attacks> >
are carried out. Future generations of security "experts" will be among> >
the most ignorant in the history of computer security.
Self Destruction, Very well put. You really hit the nail on the head,which
means you are probably going to get a ton of flack. Many willnot understand
where you are coming from with this post, hence thepost from Paul. I understand
exactly, there are a lot of peoplecalling themselves penetration testers and
selling their services tocompanies and they really do not have clue what is
going on. They handtheir customer a Nessus scan and wash their hands. I have to
deal withthem quite often and truthfully it makes me sick.
Now, I am not advocating breaking in to other people's systems, but asthe
paranoia about breaking in to systems increases there seems to bea buffer zone
that will increase and engulf a the gray areasurrounding systems (ie
Wardriving, teaching, etc.). So, although Iagree with you I don't really have a
solution to the problem either.To say that Intent should be taken in to account
on computer crimeswould lend tons of ammunition for a defense attorney for
everycomputer crime case.
You would think by now, we as humans would let some common sense in toour thick
skulls, but that is not the case. Enacting harsherpunishments for laws does not
stop criminals from committing crimes.Criminals commit crimes irregardless of
laws and harshness ofpunishment, HELLO... They don't think they will get
caught. Anyanalysis of 10-20-Life laws or Three Strikes laws will tell you
that.Gun control is another issue I can't get over, the bad guys still hadthe
guns. All gun control does is stop law abiding citizens fromowning them. Anyone
who says otherwise is kidding themselves.
Most of the fraud, scams, and misc computer crimes are not happeningin the
countries enacting these laws anyway.
That's silly. Researchers know full well how to do this without ever>
breaking any laws. In fact, most of the best researchers who are finding>
the bugs and weaknesses in systems never breakin to any system not owned by>
them.
Paul, this isn't necessarily true. Right or wrong, many people cuttheir teeth
messing with other people's systems.
New generations of teenagers will be scared of doing online exploration.> >
I'm not talking about damaging other companies' computer systems. I'm> >
talking about accessing them illegally *without* revealing private> >
information to the public or harming any data that has been accessed. To> >
me, there is a big difference between these two types of attacks but I> >
don't think that judges feel the same way. Furthermore, I don't even> >
think that judges understand the difference.> >> To me there is not.
They're my systems. Stay out, thank you very much.>> If you want to learn
how to hack, set up your own network, install some> OSes, with various
patch levels, and hack away. You can learn everything> you need to know
without ever touching a system you do not own. Get your> buddies involved.
Hack each other's boxes. But do not hack into systems> that do not belong
to you. That *should* be illegal and you *should* be> prosecuted.
And you're wrong. I don't have to hack into someone else's equipment to>
know how to hack into things.
Just to play devil's advocate here, perhaps you have $100,000 for areal lab.
There is only so much simulation that can be done in a lab.Truly learning how
to do many of these things takes years and morethan just a test windows box. As
I said, just devil's advocate. I amnot saying to go nuts and break in to
everyone's system. The answeryou gave is not a feasible one for a 16 year old
kid. I think a betteranswer would have been, create better programs in schools
thatactually have the money for such a lab.
Now going back to Self Destruction's point, harsher laws may make itillegal to
teach such skills in school, this would only serve tosupport his point even
more.
Do locksmiths break in to random houses to learn their craft?
You can't compare the complexity dynamic nature of today's moderncomputing
environments with that of a locksmith.
I know what you're thinking. You can learn about security attacks by> >
setting up you're own controlled environment and attacking it yourself.> >
Well, what I say is that this approach *does* certainly make you a better>
attacker, but nothing can be compared to attacking systems in real world>
scenarios.
Right on. 100 percent correct. There is no substitute for real worldexperience
in penetration testing. No training course or certificationtest can make up for
that.
--Sysmin Sys73m47ic
