Schneier on Security

s/hackers/crackers/g

Thanks.

" So a hacker might package together a Trojan that defeats the latest version of an anti-virus client and sell that to a hacking community sponsored by criminals."

Or the anti-virus company pays the hacker to produce a few vruis and provide the "fix" for them.

I have always thought that these companies would want virus to be produced, so you just had to pay for the software.

Come on don’t you want to be l33t?

Seriously, if I had real cash in the bank I would hire an Internet Security Expert to protect my interest BEFORE I would hire a physical security expert.
I would be more worried about someone stealing my account information than the cash in my wallet.

@Greg

Actually, I don’t think the antivirus companies have much of an interest in more viruses being produced. They like the threat, but they really don’t need more viruses, as quick responses and updates are very costly.

Today many of the security companies are spending a large part of their budget at writing signatures for the latest and greatest worm as well as staying competitive by constantly developing their software. And they have to, as somebody creating a virus that is not detectable is pretty much unacceptable.

The antivirus companies would probably prefer to have to compete on less strictly technical grounds, such as advertisement and support services. Some companies are actually moving in the support direction.

So, no, I don’t believe in that particular conspiracy, just like I don’t believe that hospitals want to keep us sick. They have too much to lose on something like that and really nothing to gain.

I have thought for a long time that organized crime should be supporting open source. That is a way for them to get an OS that they can trust.
Also they have some interesting data security data requirements where it can be better to lose data than to have it fall into the wrong hands. So that they have incentive to hire people to set up systems with encrypted hard drives with the keys saved in volatile memory so that if the feds sieze the machines, powering them down will effectively destroy all of the data.

This is a supprise? Given the choice of hacking for fun while gaining profit or just hacking for fun, what would the majority choose?

"This is a supprise? Given the choice of hacking for fun while gaining profit or just hacking for fun, what would the majority choose?"

It's not a surprise to me.

There's always money (often called "opportunity" in polite circles) but the bigger question is what's the risk?

Crime gets organized to increase their margins, essentially in the same way that businesses grow and get organized. Lack of resistance (preventive or detective controls) means the likelihood of hackers turning to profit is highly predictable.

In other words, where assets are found to be vulnerable concentrated threats are bound to follow if an attack (investment) can turn a profit for relatively low risk.

@Student:
'Actually, I don’t think the antivirus companies have much of an interest in more viruses being produced. They like the threat, but they really don’t need more viruses, as quick responses and updates are very costly.'

If you write the virus, you know exactly how to solve it, and you're that much ahead of your competitors.

I'm not suggesting that there are many corporations that do so, but I expect that a few people (besides myself) have considered it at one point.

@Bruce Schneier
--
"This is a supprise? Given the choice of hacking for fun while gaining profit or just hacking for fun, what would the majority choose?"

It's not a surprise to me.
--
do you not get sarcasm or something?

Oh no, please!

REAL HACKERS are not criminals. Hackers are those guys that code OpenBSD, for example. Or Linux. Hackers are those who _think_ and do some great _hacks_, they do not not hack servers for money. those guys are not _hackers_!!

Hacking is not a crime.
Making allegations otherwise should be.

Israel Torres

What hackers? If sony can install malicious software on your computers without your consent why can't those so called hackers? Everyone's a potential hacker, just like everyone's a potential terrorist.

@lukas, Israel Torres

We lost the "hacker != cracker" nomenclature war a long time ago. I'm just waiting for someone to propose a new term for hacker.

I thought about proposing

hacker -> hakir
hacking/hackery -> hakiri

due to its similarity to fakir but a search on the net seems to indicate that that's too close to the Spanish spelling of hacker. It's also just too close phonetically to be an effective disambiguator.

Anyone have any suggestions?

Fair suggestion,
Personally, I dropped the name hacker a while ago, terming myself instead an unlocker...it didn't last, still.

i want to come in contact with any hacker because my C card was hacked and when i layed a complain,all the web maters told me that the only way to avoid hacking is tohave an idear of hacking
so i need a hacker to brief me.