[plug] Trade

[Tony Clark]

Spoken from experience :)

At 03:47 28/02/00 +0000, you wrote:
>Mike Holland wrote:
>> 
>> On Mon, 28 Feb 2000, Christian wrote:
>> 
>> > Jeremy Malcolm wrote:
>> > > Does anyone want to try to hack into my server? :-)  In exchange I'll
>> > > try to hack into yours. :-)  No DoS attacks please.
>> >
>> > Wow, what a deal...  How can anyone resist an offer like that?  We/I get
>> 
>> Easy on the sarcasm there Christian. I didnt see him asking for a
>> professional like you. Plenty of kids with off-the-shelf hacking tools
>> would enjoy the challenge. Or at least the chance to play with the tools
>> risk-free and/or ethically. Lets assume Jeremy isnt expecting experts, eh?
>
>Then what is he asking for?  What is the value of that?  Why doesn't he
>go and get these tools himself and test them out?  There is some value
>in trying to penetrate your own security because, at the end of the day,
>you know what sort of guarantee that gives you.  Getting random people
>to attempt to break into your computer doesn't tell you anything about
>the security of your system; you have absolutely no idea how "thorough"
>they are going to be and, if they were to compromise the system, how do
>you know that they would tell you?  Furthermore, what protection would
>you have against someone who took up the offer, thoroughly compromised
>the system and stole/damaged sensitive data?  After all, you invited
>them to break into your system...  (This is just an aside, not my real
>point since I'm not a laywer and I think Jeremy is.)
>
>If you want to have *some* sort of guarantee of the security of your
>system then hire a professional to do a proper security audit of it. 
>Informal challenges for people to try and break in will almost certainly
>tell you nothing about how secure you are.
>
Tony Clark
HDL Electronics Pty Ltd
Contract VHDL, FPGA, ASIC and electronic design services
Mobile: National 0403 197 715 International +61 403 197 715