I have been in the security/hacking scene for over 15 years now. Its strikes me as odd to hear Ranum blasting hackers for the problems with security. I can recall when Ranum WAS one of the hackers posting exploit code, and hanging out with the underground scene. In a sense, Marcus is one of the grandfathers of todays hacking scene.

Moveover, I take exception with any blame of hackers. I for one, welcome our new hacker overlords. Can you imagine what our most critical software would be like today if none of the security holes over the past 15 years had been published and exploited? If the 'hacker' fear did not exist, do you think any training in secure software development would have ever occurred? We certainly aren't in a nirvana of security yet, but its a whole hell of a lot better than it was 15 years ago. The security holes were so egregious back then that most vulnerabilities didn't even require scripts or specialized knowledge. Most operating systems shipped with default permissions to allow users to login without a password (hosts.equiv anyone?) or steal entire password files (NIS ring a bell?) by just knowing your DNS domain name.

Think back Marcus... It may be bad today, but its a whole lot better than it used to be.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/32044#32044