> > "Advanced societies" are updating computer crime laws faster than the> > rest of the world. This means that new generations of these more> > "advanced societies" will have no clue about how remote computer attacks> > are carried out. Future generations of security "experts" will be among> > the most ignorant in the history of computer security. Self Destruction, Very well put. You really hit the nail on the head,which means you are probably going to get a ton of flack. Many willnot understand where you are coming from with this post, hence thepost from Paul. I understand exactly, there are a lot of peoplecalling themselves penetration testers and selling their services tocompanies and they really do not have clue what is going on. They handtheir customer a Nessus scan and wash their hands. I have to deal withthem quite often and truthfully it makes me sick. Now, I am not advocating breaking in to other people's systems, but asthe paranoia about breaking in to systems increases there seems to bea buffer zone that will increase and engulf a the gray areasurrounding systems (ie Wardriving, teaching, etc.). So, although Iagree with you I don't really have a solution to the problem either.To say that Intent should be taken in to account on computer crimeswould lend tons of ammunition for a defense attorney for everycomputer crime case. You would think by now, we as humans would let some common sense in toour thick skulls, but that is not the case. Enacting harsherpunishments for laws does not stop criminals from committing crimes.Criminals commit crimes irregardless of laws and harshness ofpunishment, HELLO... They don't think they will get caught. Anyanalysis of 10-20-Life laws or Three Strikes laws will tell you that.Gun control is another issue I can't get over, the bad guys still hadthe guns. All gun control does is stop law abiding citizens fromowning them. Anyone who says otherwise is kidding themselves. Most of the fraud, scams, and misc computer crimes are not happeningin the countries enacting these laws anyway. > That's silly. Researchers know full well how to do this without ever> breaking any laws. In fact, most of the best researchers who are finding> the bugs and weaknesses in systems never breakin to any system not owned by> them. Paul, this isn't necessarily true. Right or wrong, many people cuttheir teeth messing with other people's systems. > > New generations of teenagers will be scared of doing online exploration.> > I'm not talking about damaging other companies' computer systems. I'm> > talking about accessing them illegally *without* revealing private> > information to the public or harming any data that has been accessed. To> > me, there is a big difference between these two types of attacks but I> > don't think that judges feel the same way. Furthermore, I don't even> > think that judges understand the difference.> >> To me there is not. They're my systems. Stay out, thank you very much.>> If you want to learn how to hack, set up your own network, install some> OSes, with various patch levels, and hack away. You can learn everything> you need to know without ever touching a system you do not own. Get your> buddies involved. Hack each other's boxes. But do not hack into systems> that do not belong to you. That *should* be illegal and you *should* be> prosecuted. > And you're wrong. I don't have to hack into someone else's equipment to> know how to hack into things. Just to play devil's advocate here, perhaps you have $100,000 for areal lab. There is only so much simulation that can be done in a lab.Truly learning how to do many of these things takes years and morethan just a test windows box. As I said, just devil's advocate. I amnot saying to go nuts and break in to everyone's system. The answeryou gave is not a feasible one for a 16 year old kid. I think a betteranswer would have been, create better programs in schools thatactually have the money for such a lab. Now going back to Self Destruction's point, harsher laws may make itillegal to teach such skills in school, this would only serve tosupport his point even more. > Do locksmiths break in to random houses to learn their craft? You can't compare the complexity dynamic nature of today's moderncomputing environments with that of a locksmith. > > I know what you're thinking. You can learn about security attacks by> > setting up you're own controlled environment and attacking it yourself.> > Well, what I say is that this approach *does* certainly make you a better> > attacker, but nothing can be compared to attacking systems in real world> > scenarios. Right on. 100 percent correct. There is no substitute for real worldexperience in penetration testing. No training course or certificationtest can make up for that. --Sysmin Sys73m47ic
