[12230] in bugtraq
Re: Resistance is futile,
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Oct 13 19:16:25 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991012172818.A10203@weathership.homeport.org>
Date: Tue, 12 Oct 1999 17:28:18 -0400
Reply-To: Adam Shostack <adam@HOMEPORT.ORG>
From: Adam Shostack <adam@HOMEPORT.ORG>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3.0.3.32.19991012111729.043cf010@mail.mindspring.com>
On Tue, Oct 12, 1999 at 11:17:29AM -0700, David LeBlanc wrote:
| I was in the middle of the effort to try and protect ISS' Scanner against
| the licensing being cracked, so I've got some unique insight. It took the
| crackers about 3 months to crack the 4.0 release of the NT scanner (I was
| honored that they'd rather crack the NT version I built instead of the UNIX
| version, but...).
Hey, we went through this too, ya know! :)
David and his group went to a lot more effort than we did. I
advocated against doing this work, even though it would have been a
lot of fun, and even though I was really interested in it as a
fascinating problem, it relates very closely to the copy-protection
problem, which is unsolved. I don't think you can build a system in
software only which a sufficiently dedicated attacker can't crack.
This is the position that I advocated when we were building
Hackersheild, and thats the position that prevailed: That its not
worth spending a lot of time and energy on, because you will lose if
your attacker has control of the system on which you run.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
