Security: Mostly a Matter of Running Faster than the Next Guy

Just because I'm paranoid doesn't mean someone isn't after me.

Rich Cook: "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

Is it really that bad?

It used to be that I was the only one I knew who walked that fine line between the dark side and the light. Some time ago I noticed that the lines had blurred, and that people I had always known to be on the dark side were now making big bucks preventing the same sort of destruction that they used to visit on the unwary.

I was even asked to share my (somewhat eclectic) list of web sites with other members of the (more or less) good guy community.

Are there really bad guys out there? All you need to do is visit a few news web sites (such as the New York Times) and you can see that the world can be a dangerous place. On the other hand, what they don't tell you is that (like most sensible places) their web site is on the DMZ. It isn't like anything at the NYTimes was actually compromised -- just the web site.

By the way, I'd personally like to thank HFG (Hacking for Girlies) for giving me an interesting addition to this presentation.

Is it hopeless?

Nah. Nothing is ever hopeless. I occasionally teach a Unix and Network Security class, and my first intent is always to frighten the class, but I also offer solutions. The most important thing to remember is that most sites are broken into not because the intruder had esoteric and difficult knowledge, but because the administrator of the site was lazy. If you don't read the CERT reports, if you don't follow BUGTRAQ, if you don't keep your operating system patched and up to snuff, you WILL be compromised (and probably already have been).

If you place the burden of network and system security on someone inexperienced or overburdened, or don't give them the authority to go with the responsibility, you WILL be embarrassed, and you WILL lose valuable data.


Last modified: Sun Oct 31 20:58:10 PST 2004