CDR: Re: AT&T signs bulk hosting contract with spammers

Alex B. Shepardsen abs at squig.org
Mon Nov 6 15:19:04 PST 2000


On Mon, 6 Nov 2000, Jim Choate wrote:

> On Mon, 6 Nov 2000, Tom Vogt wrote:
> > no. the argument is: if you make probing illegal, we'll see even more
> > (and *much* more) "security through obscurity" - because figuring out
> > that this crap is insecure will land you in jail.
> 
> Going to jail won't stop anyone from figuring it out if that's what they
> want. I would be so bold as to suggest that if they make it illegal then
> you'll see a significant rise in the behaviour, along with increased use
> of anonymous remailers and Open Source software that can be kludged.

I have been thinking about the DMCA recently, in respect to the limited
ability granted to researchers for analysis of security protocols. 

I doubt we'll see a significant rise in the reverse engineering of
security protocols. We *will* see a rise in the use of anonymous remailers
to reveal vulnerabilities, but overall, I think that such research will
decrease.

Would GSM have been broken if the researchers couldn't have taken credit
for it? Inside the NSA it would have been, surely. But where is the
incentive for private researchers to attack these protocols if they can't
take public credit for their work? 

The allowances that the DMCA makes for academic research are not sufficient
to continue to provide motivation for such research. Which is exactly what
the manufacturers want: security through obscurity, and obscurity through
legality.



Alex




