[plug] Trade [flame alert]

Jeremy Malcolm Jeremy at Malcolm.wattle.id.au
Tue Feb 29 08:28:02 WST 2000


-----BEGIN PGP SIGNED MESSAGE-----

Christian wrote:

> > > Wow, what a deal...  How can anyone resist an offer like that?
> > > We/I get

Well excuse me, I thought this was a Linux user group mailing list,
where we can all ask from and offer help to each other, without people
criticizing us for not paying a professional to do the job.  Obviously
I was incorrect.

Mike wrote:

> > Easy on the sarcasm there Christian. I didn't see him asking for a
> > professional like you. Plenty of kids with off-the-shelf hacking tools
> > would enjoy the challenge. Or at least the chance to play with the tools
> > risk-free and/or ethically. Let's assume Jeremy isn't expecting
> > experts, eh?

Exactly, I thought someone might appreciate my efforts to check their
system's security in exchange for doing the same to mine, and I don't
know what basis Christian thinks he has for implying that I would be
slacker than they would.

Christian wrote:

> Then what is he asking for?  What is the value of that?  Why doesn't he
> go and get these tools himself and test them out?

I have.  But I know my own passwords.  The first thing I would do if I
was trying to hack into someone else's system would be to guess or
sniff their passwords.

> you have absolutely no idea how "thorough"
> they are going to be and, if they were to compromise the system, how do
> you know that they would tell you?

Logs will tell me how thorough they are.  If they were not very
thorough, I would still thank them for trying, I wouldn't whinge about
not getting "value" for the "exchange".  As for knowing that they
would tell me if they succeeded, as indicated above, I had wrongly
assumed that there was still some spirit of mutual cooperation on
this list that used to be traditional within the Linux community. 
Sorry for maintaining such an outdated attitude.

> Furthermore, what protection would
> you have against someone who took up the offer, thoroughly compromised
> the system and stole/damaged sensitive data?  After all, you invited
> them to break into your system...  (This is just an aside, not my real
> point since I'm not a lawyer and I think Jeremy is.)

Well I'd only have myself to blame.  But there is nothing stopping
anyone anywhere from trying to hack into my system, *without* my
permission (in fact I do get numerous hacking attempts every day, and
I haven't been compromised yet).  If they seek my permission to begin
with, I can probably assume they would have the basic decency to
follow my ground rules.  If they don't, over 90% of the data on my
system is mine so I'm happy to live with the risk.

> If you want to have *some* sort of guarantee of the security of your
> system then hire a professional to do a proper security audit of it.

> Informal challenges for people to try and break in will almost certainly
> tell you nothing about how secure you are.

I don't make enough money from it to start employing professionals
(it's basically just a hobby, not my day-job unlike you).  Am I to be
criticised for trying to trade security tips with another hobbyist
without offering cash?  Next are you going to start criticising people
on this list for being cheapskates by using a free operating system,
instead of shelling out money for Solaris (or, for that matter,
Windows NT)?

PS. Offer stands, likewise with the secondary DNS trade.

- -- 
JEREMY MALCOLM Jeremy at Malcolm.wattle.id.au http://malcolm.wattle.id.au
SIG of the day: [ ] Contact  [ ] Web  [ ] PGP  [ ] Taglines #1  [x] #2
"I'm a lawyer." "Honest?" "No, the usual kind." | Linux, the choice of
a GNU generation. | Are you the brain specialist? | "Could anyone pass
the sodium chloride, please?" - Adric (5W) | The Nanites have lawyers?

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQB1AwUBOLn70b/mBljD2JABAQFVGgL9G1ea067cisoxP7bu+fH9aeOGkVJJBYii
orH1CGVbZlkUEWz3WLV1H1xH/dQl3HHuxJspaEgBKanYN4R8SNMbWYjABtwL7jeV
EzPCqzzpb2fHAB/4GSf/BW30bcQOd3Bx
=guDN
-----END PGP SIGNATURE-----



