The Problem of Security Tools and Advisories Essay -- Internet Securit

The Problem of Security Tools and Advisories Introduction Whether the intent be malicious or merely curiosity, people will always try to circumvent barriers. Physical locks have bread lock picks, and so digital barriers have bread hackers. In the new ethereal world of the wired, this common problem has developed a new dimension. Whereas physical security measures for business, banks, and the like is at a more sophisticated level than for home users, the digital security is similar at just about any level. And, because everyone is connected, and its difficult to know what is behind a given IP address, everyone is a target. Clearly there is a problem, and something needs to be done to make sure the "bad guys" can't get into critical systems. The obvious fix is to write superior software. Unfortunately powerful software is extremely complicated, and even the most valiant efforts to build impenetrable system such as OpenBSD, have fallen short[1], and require post release patches. Given that holes are inevitable, the next line of defense is for the "good guys" to break systems faster than the "bad guys", and alert the proper people to produce and release patches as fast as possible. Unfortunately, if the details of the exploit are made known, it makes it that much easier for less skilled malicious parties to take advantage of unpatched systems, and therein lies the problem with the solution. Personal Inspiration Exploration of this problem is of particular interest to me, as it relates to my current work. The current biggest source of tech support calls at SCU is viruses. Unfortunately, in that group, the largest virus attacks have been though E-Mails that the users must open in order to get infected, which could have ... ...rnegie Mellon University, 2003. <http://www.cert.org/meet_cert/meetcertcc.html> "Online NewsHour: L0pht on Hackers", PBS, 1998. <"http://www.pbs.org/newshour/bb/cyberspace/jan-june98/l0pht_hackers.html> Martin, Kelly, "Delivering the 12kb Bomb", SecurityFocus/The Register, 2004. <http://www.theregister.co.uk/content/55/36345.html> "Limitation on exclusive rights: reverse engineering", U.S. Code : Title 17 : Section 906, 2002. <http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/9/sections/section_906.html> "Reverse Engineering" IEEE, June 2003 <http://www.ieeeusa.org/forum/POSITIONS/reverse.html> Mishra, Rohan "Reverse Engineering in Japan and the Global Trend Towards Interoperability", Murdoch University Electronic Journal of Law , 1997. Volume 4, Number 2 <http://www.murdoch.edu.au/elaw/issues/v4n2/mishra42.html#[52]n>