On Mon, 16 Aug 2004 23:42:15 +0800, eric pareja <[EMAIL PROTECTED]> wrote: > On "Defacements and gang rape" by Wilson Chua > http://news.inq7.net/infotech/index.php?index=1&story_id=4679 > > Am I just being too critical or is the author going overboard here?
My PhP 0.02-- way overboard. I agree with most (all?) of the thread posters here. > > I feel like the author is being overly defensive about not properly > taking the appropriate steps to defend their website. > Okay, to try and place it in his analogy, as well as elaborate on some points: 1) So they got in and gang-raped your sister. How did they get in? Knowing who did it is not as important as knowing how they got in-- so you can protect you and your sister in the future. Of course, prosecution is important, but organize your priorities-- it could have been worse. You could have been killed in your sleep, or one of your firearms stolen and used in a murder that same night... The worse-case scenarios are endless. (In the same way, as a sysad, know how they got in so you can fix things. It's your job to protect the system; it is a weakness on your part if you take the defensive instead of the proactive stance in dealing with this.) 2) Okay, so does this mean you beat up every single guy who looks at your sister the wrong way? (Does this mean you want to attack anyone making a possible attempt at your site?) 3) (I personally don't get who he's associating w/ the 'barangay captain', but here goes...) 4) Has the author read Cliff Stoll's "The Cuckoo's Egg"? Very enlightening book, and IMHO, Stoll had a more valid problem w/ the infrastructure against crackers at the time. Your site got defaced-- an act of vandalism, and heck, easy to detect the presence of intruders there. Cliff Stoll's site wasn't defaced; in fact, the cracker wasn't detected until there was a very minor error in the login accounting records/bills (since this was a 'time-sharing' facility). Now, between a cracker blatantly going "Hey, I'm l33t! Screw you!", and a cracker not even (or barely) registering, which one is worse? Again, going with the author's analogy: instead of your sister being gang-raped, it's like someone replaced your sister with a clone (or a good actress) who you couldn't tell apart from your real sister-- except for really minor things. Oh, and said fake-sister, a trained cat burglar, is stealing from your neighbors. Now you're being blamed for every incident in the village. It's all a matter of point-of-view, I think. If the author would only forgot what the critics are saying and instead work to fix things, then I think I wouldn't have written such a long reply to this topic. Part of the sysadmin's job has always been to defend his site. (Besides, gang rape is such a loaded and false analogy-- vandalism, maybe, but not gang rape.) -- JM Ibanez - A million monkeys can't go wrong... http://www.livejournal.com/~jmibanez/ http://www.mycgiserver.com/~butiki/ -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
