Fellow PLUGgers, Maybe those more authoritative (but less vocal than I) can help by replying to Erwin about this.
--> Jijo -- Federico Sevilla III :: [EMAIL PROTECTED] Network Administrator :: The Leather Collection, Inc. GnuPG Key: <http://jijo.leathercollection.ph/jijo.gpg> ---------- Forwarded message ---------- Date: Wed, 21 Nov 2001 06:34:45 -0800 (PST) From: Erwin Oliva <[EMAIL PROTECTED]> To: Federico Sevilla III <[EMAIL PROTECTED]> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject: Re: [plug] attacked to abs-cbn Jijo, I appreciate your concern and passion for these things. I thank you for that. Here's a suggestion: I can e-mail you several questions right now and hope you could answer it. I'm doing a special report on Internet security here in the Philippines, and you'll be one of my resources. Btw, what is your position at PLUG? Are you an officer of the group? Questions: 1. What do the series of attacks by Asian Pride Crew mean for the level of Internet security in this country? 2. Considering that you only tag this group as "script kiddies," are you saying that security knowledge of local sysads are also "amateurish?" Why or why not? 3. Why do you classify Asian Pride or even Locusts.org as script kiddies, or crackers? Have you personally seen their activities? or even monitored their hacking activities? 4. How secure is Linux? Some of these script kiddies claim that they are able to break into Linux systems (particularly ver. 2.2). What are the "known security holes" in Linux systems? 5. What is PLUG doing to stop "crackers," script kiddies from breaking into Linux systems? thanks. erwin > > On Wed, 21 Nov 2001 at 02:01, Erwin Oliva wrote: > > It's really not our intention to hype what these > so-called "script > > kiddies", or crackers are doing. We're just > informing the public that > > these activities are happening in the > "background." That's my job. To > > report these incidents, unless someone else wants > to do it. > > I agree with you and commend your journalism. > Perhaps there was a > misunderstanding with the way I phrased part of my > previous message. The > hype I referred to is not because you report about > the actions of groups > like Asian Pride. I believe, like you probably do, > that it is just right > that their actions should be reported to the public. > > The hype, in my view, is that they are referred to > as hackers, which I > don't think they are. They're script kiddies, who > take advantage of the > fact that some system and network administrators > don't do their job of > keeping up with security updates. Script kiddies do > not find security > holes in software or protocols. Instead they use > scripts (hence the first > part of name) that exploit known security holes. > What's worse, most of > the time these script kiddies don't know about the > scripts they use. They > just use them (hence the second part of the name). > > Script kiddies have a place in society and should be > reported about. But > they don't share the same place as hackers, and > referring to them as > hackers just boosts their ego, making them feel > superior. So calling a > script kiddie a script kiddie in a news report lets > the public know of the > activities of such groups as AsianPride without > giving the script kiddies > an undue place of honor that only a true hacker -- > like Linus Torvalds for > example -- would otherwise have. > > > If the IT community is getting worried about the > activities of these > > script kiddies, then what is it doing? > > For one thing people like me are getting in touch > with people like you, > hoping that we can stop calling these script kiddies > hackers. Also, groups > like the Philippine Linux Users' Group (PLUG) do > various advocacy programs > hoping that more IT people will shift from the > security hole that > Microsoft products are to Linux which is by default > infinitely more > secure, and with proper configuration, very very > difficult to hack, and an > almost impossible job for such script kiddies as > those who call themselves > members of AsianPride. > > > As a journalist, my job is to write about these > incidents, thereby > > making people or government think about Net > security issues. You've > > probably read the grand plans of government on IT. > Did they ever think > > of security? Hmmm... > > No, the government's IT people aren't on the right > track, IMHO. And I am > glad that people like you are helping out by writing > about the successful > activities of script kiddie groups like AsianPride. > > > On the difference between cracking and hacking, > well, that's another > > issue. It's an issue of semantics. The meanings of > words do change > > through time. Like Linux versus > GNULinux...Articles are now using > > Linux, but it is really GNULinux, if we really > want to be technical > > about it. > > I agree that these situations are similar, but I > don't agree that they are > the same as far as degrees of importance are > concerned. Linux vs GNU/Linux > is just about GNU (read: technical issue), and to > some people, really just > about Richard Stallman's ego (not that I personally > agree with them). > Cracking and script kiddies versus hacking, however, > has social > implications. Most, if not all, script kiddies, > operate not for money, but > for pride. It is their egos at stake. To be called a > hacker is exactly > what the script kiddie wants to achieve. If more and > more of us call a > script kiddie what he/she really is (a script > kiddie) instead of something > he/she wants to achieve, then perhaps we can remove > the glory of the > entire process of cracking without sacrificing > journalism (ie: you still > write about computer security). > > > So I'm still part of the uninitiated public, too > ;-) > > I don't think you are. The uninitiated public > probably doesn't know what a > cracker is (although they might say "Skyflakes?"). I > am hoping, however, > that you can help advocates like myself re-educate > (or initiate?) the > general public. Even if we don't clear up the name > of the true hackers, we > can at least introduce some new terms (computer > cracker, script kiddie) > that more appropriately describe most of who are > referred to as hackers. > > Thanks for your time. > > --> Jijo > > - -- > Federico Sevilla III :: [EMAIL PROTECTED] > Network Administrator :: The Leather Collection, > Inc. > GnuPG Key: > <http://jijo.leathercollection.ph/jijo.gpg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE7+4Bj5rCBSJO3Rr4RApfeAJ9M0Pxy3J/WPySIK108BEpTnWNN1ACcCa1u > 2JbdzQ7Ghj0injfMudvHK9g= > =4Z4S > -----END PGP SIGNATURE----- > > ===== Erwin Oliva [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
