On Oct 27, 2006, at 11:24 PM, Nick FitzGerald wrote:

Larry Seltzer wrote:

I know this makes me a fascist around here but this bothers me a lot. He's
facilitating fraud, and the fact that he himself says they're not good
enough to get you on a plane makes me doubt the value of his research.
Suppose he was making software to print $100 bills. Is that OK because it
shows weaknesses in the currency?

And if he or anyone else uses these they definitely should be busted. 


Then I guess we need more fascists. ; )  

I think you've missed the point...

I don't think Larry did.  I think his comment was toward the act
not the system.


_If_ these forgeries are good enough to get through initial (usually 
just the briefest of eye-balling and often kerbside) screening _AND_ 
that opens the whole system up to some much bigger threat _THEN_ the 
whole system is totally borked from tip to toe.

snip

In no way does this contradict what Larry said.  I think it may be a little 
extreme saying it is totally borked, but forgeries are an issue that all
systems need to take into account.  If the system doesn't, then that
needs to be fixed.

_IF_ the current system cannot filter out those carrying fake boarding 
passes, _THEN_ the current system _IS BROKEN_.

snip

Again, I don't think Larry or myself disagree with this.  


Yes, what he's doing is technically fraud, but to even suggest it 
begins to equate with forging $100 bills is reactionary nonsense.

Actually I think the two are very similar.  Fraud is fraud.  Saying something
is technically fraud is the same as saying your girlfriend is slightly pregnant.
It either is or it isn't.  I personally have no problem with someone generating 
a single fake ticket that was only there to show that a fake was possible.  Mark
it as fake and make your point.  But putting up a site that generates the tickets 
is too far.  I think that we as an industry allow people way too much leeway when 
they assign themselves the title security researcher.

Thanks
Kevin
---------------------
GCIA, GCIH
BASE Project Lead
The next step in IDS analysis!



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
