HTMLGOODIES EXPRESS (tm)
October 9, 2000-- Newsletter #101
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Did you hear
Didn't it use to be that parents would tell kids to stop staring at the TV and go outside and play? I remember that. Well, now things have switched. A new report states that adults spend almost twice as long as kids online over a one-month period. Parents surf an average of 730 minutes per month. Teens surf just 300.
Talking to the Asia Pacific Summit of the World Economic Forum, Bill Gates proclaimed that until accurate computerized translation is brought to bear on the Internet, English will remain the language of the Web. This is despite it being predicted that China will have the largest online population within the next five to ten years.
The rock group, The Bare Naked Ladies, have put out their own Trojan-song. The group has flooded the Internet with MP3 versions of their new song. The problem is that when you get the file, the song plays for about 30 seconds and then the band members come on, scold you for downloading the song, tell jokes, and then ask you to buy their album.
Now onto today's topic
Let's say you were a hacker, or a cracker, and someone thumbed his or her nose at you. Someone stood up, pointed their finger and said (performed as Kirk Douglas), "I have created a secure Web site! You have not the power, nor the wherewithal to enter through my firewall protection. I am invincible!"
Wouldn't you giggle at the bad imitation and then set out to hack and crack with a vengeance? I don't know that I can see all hackers and crackers going for broke, but you'd think at least one or two would go for it.
Well, just such a thing has happened and the hack/crack crowd isn't taking the $10,000 bait.
The Secure Digital Music Initiative (SDMI) is a Web site put together by the recording industry to combat NAPSTER and sites like it. The site will offer music for a fee. In addition, the files you download from this service will have a watermark attached so that the site can track what you do with the music you download. If you share, you get caught.
The site has asked those in the hacking/cracking world to come running. A $60,000 fund has been set up to pay for people to go after the site, the encryption code, and various other elements. The money will be broken into six $10,000 prizes. Individuals who hack/crack the code will get the full amount. Teams that hack/crack the site will have the money split evenly between the members.
What a deal!
Ah but yet, the hacking/cracking world isn't rising to the occasion. Furthermore, those who are representatives of hackers/crackers are calling for a boycott.
The basic reason for the boycott was that hackers/crackers will not help a company they believe is doing wrong in terms of free use. By hacking/cracking the site, they would be making vulnerabilities obvious and thus giving the owners a heads-up. By hacking/cracking, they would be bettering a site they dislike. I can see the moral conundrum.
My thinking is, why not hack it now and get the $10,000? I understand, and can support, the hacker/cracker moral stance, but you just know sooner or later they're going to go after this site. I offer these reasons:
1. They don't like the site or what it stands for. That makes it a prime target for a hack/crack.
2. The site has thrown down the gauntlet and invited people to come and get them. No one worth their hack/crack salt can tell me that doesn't tempt them even a little bit.
3. The thinking may be now that those who hack/crack will lie in wait and strike when the time is right. I guess there's a certain James Bond feel to that, but the outcome is still the same. You hack, they find the hole and it gets patched.
As it stands right now, the boycott is giving the SDMI people the effect they want. By not hacking/cracking, they're safe. It doesn't matter if there is a hole in the system. You're not going after it.
I'm actually impressed that such a simple concept of paying hackers/crackers to attack is working so well. No matter what the hacker/cracker crowd chooses, the SDMI wins.
Hack and they find the holes. Don't hack and they're safe.
So I say, go for it. Hack away. They invited it. Go get 'em.
Just go now before they take back that $10,000 that would buy so much really cool software.
That's that. Thanks for your attention and emails over the past weeks. I really appreciate them.
Joe Burns, Ph.D.
And Remember: How many chapters does the bible have? Why, 1189. I think you were thinking of the books of the bible. There are only 66 of them. Each then breaks down into chapters.