1996-08-21 - Re: Hackers invade DOJ web site

Header Data

From: nobody@huge.cajones.com (Huge Cajones Remailer)
To: cypherpunks@toad.com
Message Hash: e0b71e636eef37ba720af2a4a5ead1b31ab22b9e03544e2b46374b1efae2e40c
Message ID: <199608210335.UAA16038@fat.doobie.com>
Reply To: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
UTC Datetime: 1996-08-21 05:56:45 UTC
Raw Date: Wed, 21 Aug 1996 13:56:45 +0800

Raw message

From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 21 Aug 1996 13:56:45 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
Message-ID: <199608210335.UAA16038@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


> Since we don't know how the intruders broke in, we can only speculate.  I
> can think of several scenarios where cryptographic techniques could help.
> I can also think of several where they wouldn't.  When you've only got 20
> seconds to explain to a non-technical audience, I don't think it's dishonest
> to say that it might have prevented it.

All webservers (except maybe Spinner?) are riddled with buffer overrun
bugs and other similar security holes.  If you run a webserver, you
should basically assume that anyone who really wants a shell on your
machine can get one.  Grab your favorite webserver and grep for
sprintf.

Crypto?  Get real.  The lock on the door matters little when you've
left the window wide open.






Thread