If I was trying to protect an important system from unauthorized access by hackers (crackers), I would offer a large cash reward to anyone who breached it in a significant way but DIDN'T do ANY fraud or vandalism, and also promise not to prosecute. If you had broken into someone's system, and could get the kudos for having done so and a LOT of money, why would you bother to deface a website, or attempt theft, unless you were certain you could get away with it?

You in turn encourage people to bring your security holes to your attention without causing real harm. It would have to be the real system though, and not a decoy/honeypot; otherwise people would breach the dummy setup for the money, and the real one to say they did.

