On Tue, 20 Jul 2004 21:41:30 +0200, Full-Disclosure said: > Please im trying to hack, test, read, be 'up to date' & learn from the > full-disclosure-lists. Not learning or be teached economics, politics, > religion, ethics or beliefs, ( then ill go to MS ;-) Keep in mind that except for the stereotypical "script kiddie", all of these factors *do* enter into security. It's all about threat models. Would there be as many viruses if many hadn't been funded by spammers/criminals who wanted a trojan delivery system? Probably not - but you won't get a *real* solution to the problem without understanding the economics driving the market for virus writers. Why are the writers taking that money, where are the employers getting the money, and what benefit does each group find in it? Many sites *do* have to worry about politically or idealogically driven attacks. Do you have to worry about attacks by radical Amish? Probably not, since their belief system won't let them use our technology against us. Do you have to worry about radical Mideastern fundamentalists? Quite possibly, as they don't have qualms about using our tech against us. It's the rare site that has *no* enemies at all - so it's a good idea to know who your enemies are, and have at least an estimate of how far they'd go. (Standard police work 101 - "Did the deceased have any enemies, and would they have bashed the deceased's head in with a candlestick?" ;) It's nice to discuss theoretical issues of attacks and defenses on a lab network. Unfortunately, most of us have systems that are in the Real World, and as such, we need to worry about such things.
Attachment:
pgp00047.pgp
Description: PGP signature