Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security IT

Internet Crime Focus of Black Hat Europe 56

kierny writes "'The Internet needs crime,' said renowned cryptographer Whitfield Diffie, kicking off the Black Hat Europe conference in Amsterdam. His analysis — that there can't be good guys without bad guys — helps explain not just the rise of black hat hackers and, more recently, hacktivism, but signals that the information security profession will continue to not just be relevant, but demanded, especially as the number of data-spewing devices increases exponentially."
This discussion has been archived. No new comments can be posted.

Internet Crime Focus of Black Hat Europe

Comments Filter:
  • by Nyder ( 754090 ) on Thursday March 15, 2012 @02:49AM (#39361741) Journal

    so then we can have replies.

  • by Anonymous Coward on Thursday March 15, 2012 @03:02AM (#39361771)

    Yes there can be good guys without bad guys.

    Closed system.

    A boy scout helps an old lady across the street.
    Is the boy scout good? I would say yes.
    Then, where is the bad guy in this example? The old lady?

    The old argument that good needs evil to survive is wrong.

    • by Sneeka2 ( 782894 ) on Thursday March 15, 2012 @03:08AM (#39361787)

      Then, where is the bad guy in this example?

      The car driver coming down the street at 200mph. Without him, there'd be no need to help the old lady across the street in the first place, she could do it alone.

      QED.

      • by mwvdlee ( 775178 )

        Without a lunatic driving at ridiculous speed, there is still a real danger for honest accidents and there'd still be a need to help the old lady across the street.
        Good guys require bad events, which may or may not include events caused by guys.
        Likewise, without black hat hackers there'd still be a need to protect against accidental or unintentional damage.

        • Without a lunatic driving at ridiculous speed, there is still a real danger for honest accidents and there'd still be a need to help the old lady across the street.
          Good guys require bad events, which may or may not include events caused by guys.
          Likewise, without black hat hackers there'd still be a need to protect against accidental or unintentional damage.

          Not bad events. Helping over the street can be helping with the troubles of old age (walking being difficult). There is no actor and no event there, it's just normal.

          His analysis — that there can't be good guys without bad guys — helps explain not just the rise of black hat hackers

          That is not a explanation, it's just putting the burden of explanation somewhere else (remind you of something?).

      • It need not be an evil person driving a car. In this closed system it could just be another old person driving a Buick. The old person is not evil, just too old to be driving.

    • by justforgetme ( 1814588 ) on Thursday March 15, 2012 @04:12AM (#39361979) Homepage

      The (inherent) bad guy in this situation is the danger of the street.
      If there is no danger there is no definition for good.

      Same goes for limitations, ignorance etc. You can't have it all so
      in some respect you always are bad and good. It's like Schrödinger's
      feline example with you being the poison.

      • by Hentes ( 2461350 )

        But danger is not necessarily human-caused.

        • No, what it does is generate two (or more) groups of ethics, one group is concerned about the effects of said danger and one that isn't. That first group spawns sub groups that can eventually be labeled good and bad.

    • The evil here is entropy, god, or evolution. One or more of the three has caused the lady's genetic code to have serious flaws, causing her body to decay as time passes rather than maintaining itself in good working order. If that evil were defeated (which will require the efforts of many brave and brilliant scientists) then the old lady wouldn't need help, and no one would know she was old because she'd probably look like women we consider supermodels today.

    • by Anonymous Coward

      I went to school with someone who thought prisons should be closed and criminals released because there was an imbalance of good in society.

    • The car drivers talking on their phones, drunk at the wheel, going too fast, or just not really thinking about what they are doing are the bad guys. Without the bad guys the boy scout's actions are not good, and maybe even a little creepy.
    • by lxs ( 131946 )

      I don't know the boy scout. He might be an opportunist looking for reward. Did the old lady want to cross the street in the first place? In matters of ethics context is everything.

      However, at first glance his actions appear to be mostly beneficial.

    • "Then, where is the bad guy in this example? The old lady?"
      Without crossing genderlines and the 'boy' scout being the only guy the answers is 'nowhere'; unless the little urchin is bipolar maybe.
      Otherwise I would like to submit
      http://evilladies.com/ [evilladies.com]
      say:
      http://evilladies.com/serial-killers/dorothea-puente-old-lady-who-killed-men/ [evilladies.com]

      as a possible candidate.

    • There would be no more heroes, and no more villains. Stories would be told about cooperation against implacable obstacles and overcoming overwhelming odds. There would be no deviation from the norm because good would 'be' the norm. For that matter, there would be no more free will, or choice. Only totally rational automatons always cooperating together, no matter what. There would be no more right, no more wrong. There would be only ONE mind, one ideology because without wrongness, without evil there would
    • by dave562 ( 969951 )

      The only reason that you can speak of good is because of evil. If there were not evil, good would not be good because there would not be a "not good" to compare it to. It simply would be what is.

  • Even if crime didn't exist on the internet, we'd still need the white hats to protect us from politicians.

    The privacy invading tripe legislated by our current mob isn't criminal by definition.
    • Nah, black hats are much better for that. white hats and grey hats are cataloged and very silencable.
      Black hat cataloging exists too but isn't as efficient.

      And for those who consider replying with "But but black hats are motivated by personal gain": So are
      You. At least they can make a point.

  • ... so that the fire brigade, police and other law enforcement officers will not be out of work.
    • ...so that all those broken windows can be fixed by someone. If there are sufficient vandals to keep every shopkeeper and farmer in the land busy repairing windows full time instead of doing their regular jobs, the demand for labor will be such that no one need ever be unemployed again!

  • But sometimes it's the corporation behind the server being hacked into that is the bad guy, so that part of the equasion already exists.

  • by DarkOx ( 621550 ) on Thursday March 15, 2012 @04:45AM (#39362089) Journal

    I think there is actually more to this than many slashdotors are dismissing the "no good guys without the bad" as. The things that turns a bad guy into a bad guy are motives and opportunity. Having the skills is a big part of opportunity. Even with the economy as it is most of us in the Western World with education and experience required to be security professionals can make a better living doing that or at least avoid the risks associated with being a criminal while living comfortably. That is not true in some other places and its possible it could become untrue here.

    So maybe there is something to the pushing "hacking is cool" is a bad idea thought. Creating tons of security 'professionals' might just be creating tomorrows black hats mob employees. Sorta like in places all over the world yesterdays soldier has become today's insurgent and or revolutionary. They know the business of war, and its a huge leg up. Knowing is actually I think more than half the battle. I am not saying we should all stop attending $CON and talking to each other about developing better techniques to identify weaknesses. If we did that the integrity of the system would stop improving, and the few bad guys that will be out there anyway, even if working in a vacuum, will be completely unchecked.

    University systems and other stuff got owned all the time in the 70's and 80's before the Internet exited to facilitate communication among black hats, grey hats, and white hats. I don't know what the answer is and I don't really think trying to censor information is ever a good approach but none the less there is something to think about here.

    • The problem with that line of reasoning is that hacking is basically just using programming/IT skills in a certain manner; the only "special knowledge" required beyond that is knowledge of specific exploits and methods. You'd obviously also need to spend time (and/or money) to establish a toolchain and a workflow of sorts and keep that up-to-date, which clearly must be eased by stuff like metasploit and nmap, but otherwise I've seen nothing to indicate that black hats aren't self-made.

      Also, remember that
      • by DarkOx ( 621550 )

        That is pretty much what I was thinking about. If you have ever worked with or even watched a professional pen test team the first thing you notice (if they are any good) is they target collaboration tools that are integrated with stuff like Nessus, Nmap, and Metasploit ( the pro version has build in collaboration tools already).

        You have one person identifying and classifying, and others going after hosts according to specialty, finally you have them sharing information between each other when they discove

        • The structured framework approach seems to be the effort of the security/pen-test industry. Metasploit is basically a very structured approach to exploit code offering payloads in the form of shellcode (notably the meterpreter), crypters to go with that, and basic trojan/binder functionality. It also has a few auxillary modules for various stuff. There's also CANVAS and Core Impact but those are expensive and I've never played with them. Before and besides that exploits were and are written in the form of s
          • On the other hand there's the black-hat exploit kits you can buy for cash, but those seem as a class to be quite different in purpouse and function, namely that of being loaded onto a web page and spreading botnet binaries.
  • People who talk about the importance of the source of a problem, often live from the money what they earn with fixing problems. Clear to see the strategy behind this. If you say,that "you" need crime to respect the good guys, you are very close to commit a crime. Or you already did it in the name of this bullsh!t? Nobody is guilty until its proven by the proper authority. This kind of thinking (we need bad things) is against the community. I not say we don't need security rules or security checks/verificat
  • It does make sense that the more hackers and crackers are out there the more skilled people will be in demand to secure and produce better products. We see an example of good coming out of evil, I suppose. But at what depth the evil? We are witness to a similar situation in right wing politics. The left and the center moved clearly towards the right. That left those on the right with no plank on which to stand so they shifted further and further to the idiotic and radical right. So
  • If Good requires Evil, then maybe we would be better off without both? Just a thought. Especially if "Good" means "ridiculous amounts of legislation, overinflated security software pricing and a persistent universal mistrust of your fellow man".
  • So that we can have people to repair them.

  • At least here in the good ol' U S of A, Ms Napolitano is redefining the word terrorist to include anyone having a minor beef w/the "System" and our wonderful Dept of Justice, in consort with a congress that has the lowest approval rating in history, pushing hard for 'hacking' to become a crime of terror.

    I wouldn't be surprised if someday soon just running Linux and 'non-approved' applications will get you on the 'black-hat', 'no computer for you!, list.

    Remind me, who are the good guys again? Because I re

  • So, instead of finding the cure, they wish to profit from a steady stream of treatments.

    Instead of making code easier to secure (better libraries, saner programming languages), or programming the compiler to scream when a possible issue needs to be attended to, we're going to employ thousands of people in a jobs program.

    Am I the only person from the school of 'fix it once, for all eternity'?

It is now pitch dark. If you proceed, you will likely fall into a pit.

Working...