Fighting a never-ending fight…
26 02 2008

“The more complex our security becomes, the more complex our enemy’s efforts must be. The more we seek to shut him out, the better he must learn to become at breaking in. Each new level of security that we manage becomes no more than a stepping stone for him who would surpass us, for he bases his next assault upon our best defenses.” - This Alien Shore
How true… how very true.
Found this quote today while researching vulnerability assessment tools for a client project.
I’d only dabbled in security before, trying to harden my servers and workstations at work, making sure they all had their latest software patches, anti-virus updates, etc., but all that means little when you begin to research some of the gaping holes that exist in the products we use on a daily basis.
It seems that we can never get ahead of the ‘crackers’ out there, the virus coders, the bored digerati with nothing better to do than to see if they can find a new loophole in the system…
Everything just seems so… reactive. After the fact. And just when you think you’re up to date and safe, something new comes and pokes a hole in your defenses again.
This domain of mine has had its fair share of attackers… I’ve had a blog that I host for a friend defaced by some fundamentalist group who thought it was a good platform to announce their political views from. My forums have been under constant attack from spammers. They’ve tried masquerading as my mail domain and sending spam…
And for what? My site is of no importance. This WordPress CMS is a simple journal and soapbox most of the time… my forums are gaming related, the galleries host a friend’s photos… What are they accomplishing by defacing something I could recreate in about an hour or so? My hosts do frequent backups so I may not even have to rebuild… I could simply roll back to a snapshot…
But to someone, somewhere out there… it was an achievement. Something they’re proud of… “Look at me! Look at what I’ve done! I’m a hacker!”. To you I say the following:
So you call yourself a hacker?
Wrong kid… you’re simply the Net equivalent of the guys that spray graffiti on the neighbourhood wall, or the kids that toilet paper a house. The nosy neighbour sifting through our trash, reading our mail…
Get a life… grow up… use what talents you have for something positive, if indeed it is talent and you’re not one of the lazy ones out there that use exploit frameworks and scripts created by others to do their dirty work.
You could be helping make the Net a safer place, making stronger bonds between opposite ends of the Earth, helping build the metaverse that will be the playground for the generations to come. Instead, you’re out there, defacing, leaving your mark on someone else’s hard work.
You’re not a hacker… you’re a black hat, a cracker, a script-kiddie or worse… and those who can legitimately call themselves hackers are nothing like you.
Should my colleagues and peers in the industry find you, someday, somehow, hope to whatever Gods you worship that our reach is not so far that we can return the favours you’ve so carelessly sought to give unto others.
A time will come when fire will be fought with even greater fire and the fight will not be a one-sided reactive-only defense versus a constantly evolving barrage.
The tools of this electronic war are evolving, even as the attacks are, and will separate the chaff from the wheat, leveling the playing field again so that the true fight can begin between black and white. All it takes is education for those involved, giving them the knowledge and correct tools with which to protect themselves, removing innocent bystanders from harm’s way, creating fewer victims…
When the time comes, which side will you stand on?
I know where I will be…





