[plug] Trade

[Christian]

Mike Holland wrote:
> 
> On Mon, 28 Feb 2000, Christian wrote:
> 
> > Jeremy Malcolm wrote:
> > > Does anyone want to try to hack into my server? :-)  In exchange I'll
> > > try to hack into yours. :-)  No DoS attacks please.
> >
> > Wow, what a deal...  How can anyone resist an offer like that?  We/I get
> 
> Easy on the sarcasm there Christian. I didnt see him asking for a
> professional like you. Plenty of kids with off-the-shelf hacking tools
> would enjoy the challenge. Or at least the chance to play with the tools
> risk-free and/or ethically. Lets assume Jeremy isnt expecting experts, eh?

Then what is he asking for?  What is the value of that?  Why doesn't he
go and get these tools himself and test them out?  There is some value
in trying to penetrate your own security because, at the end of the day,
you know what sort of guarantee that gives you.  Getting random people
to attempt to break into your computer doesn't tell you anything about
the security of your system; you have absolutely no idea how "thorough"
they are going to be and, if they were to compromise the system, how do
you know that they would tell you?  Furthermore, what protection would
you have against someone who took up the offer, thoroughly compromised
the system and stole/damaged sensitive data?  After all, you invited
them to break into your system...  (This is just an aside, not my real
point since I'm not a laywer and I think Jeremy is.)

If you want to have *some* sort of guarantee of the security of your
system then hire a professional to do a proper security audit of it. 
Informal challenges for people to try and break in will almost certainly
tell you nothing about how secure you are.