echo: nthelp
to: Rich
from: Geo.
date: 2003-01-26 13:14:18
subject: where does a hack process begin

From: "Geo." 

"Rich"  wrote in message news:3e335e3e{at}w3.nls.net...
>>   I also responded in part to what I believe to be a silly position you
have taken that if a complex process has an undesirable result that you can
claim any of the many steps or components in the complex process is
responsible for the undesirable result on the premise that removing that
step or component stops the complex process from completing.  It is this
poor logic that allows one to blame you as the user as being responsible
because you are a component in every such example.  You can also use the
same logic to blame the warming of the Earth by the Sun since without this
none of the undesirable results would be possible.  It's simply bad logic
and I called you on it not because I took any offence.<<

[selective editing to separate into a new thread]

Well certainly computing is a complex process that starts with the user
turning on the computer. I agree with that. But being hacked is a subset of
that process that begins at the point where the hacker first gains some
level of control over the situation. However the definition of
"situation" in the context of the discussion is important.

Where that point is can be a matter of perspective. I'll explain a bit
using two examples.

Example 1: the recent slammer worm. Was the beginning of this hack when the
first packet from the worm reached an unpatched server? Or was the
beginning of this hack when the hacker infected the first server? Kinda
depends on whether you are talking about hacking the internet or hacking a
specific server. If you are talking about how the worm spread across the
net then obviously the release of the worm is the beginning of the hacking
process. If you are reporting to management about how your sql server got
infected then obviously it started when that 376B packet that hit your
server was sent. How the server that sent it to you got infected doesn't
need to be viewed as part of the process.

Example 2: the media player/IE thing we were discussing. Was the beginning
when the hacker sent you an email with a link to a web page, or was it when
media player fired up IE, or was it when IE went to a page of the hacker's
choosing, or was it when IE executed that page? Certainly from the hacker's
point of view you were targeted by the email so that was part of the
process, but from the user's point of view emails are received all the time,
so was it when they clicked on the link or was it at the last point where
input from the user was required?

Because this is all so dependent on POV, I tend to try to define the start
of the hack process as the point where the hacker gains some level of
control over the machine instead of over the situation. That makes it much
easier from my pov because I can't patch users but I can patch machines. I
also try to separate the process of social engineering from the process of
hacking, being that they are both used but clearly they are both separate
processes that from a security standpoint need to be addressed differently.

So no, I don't think my position on where the hacking process begins is
silly and no I don't think it started with the big bang either. Since we
were discussing the exploit described at
http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html and since that
page describes the hack as

"Combing the Jelmer codebase, the Sandblad dot bug and the 1 year old
wimpy'flication of the media player"

and also since step 1 is to create the asx file (which contains an
executable), then it's my position that the hack begins with the last
action of the user prior to the running of that asx file, since that is the
point where no further action on the part of the user is required (the
process is now fully automated) and the hacker gains some level of control
over the machine.

I'd be interested to understand your pov on this, as my position is not
something that is rock solid and unchanging; I've never really tried to
define this clearly before, so I'm open to suggestion.

Geo.

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
