I’m beginning to wonder if govt organizations just need fresh blood? As a developer, researcher, scientist, think of all the problems where you’ve worked hard to derive an optimal solution? Why aren’t we seeing this in govt? Am I just going off the deep end with this? My point is, I see more failure than progress, in comparison to a booming tech corporate sector. How can we get more critical thinkers, problem solvers, and people who understand technology into the places that matter?

Egads – Maybe it’s not as bad as it seems. This just really ruffled my feathers.

–
ok.. the PDF case whent out of control as you said… i know! POCs come out and more…
–

But please.. can´t you agree with me something?

The “Adobe developers” and “Adobe PDF users” where not alerted about the security hole in time?
This is not better than when you don´t have any idea of a security hole and someone is using it?

Please dude.. as you see my english is a %#$#%! I hope that you are understanding what i type.

Pdp compared the situations to the media piracy scenarios, and what we have today? Yes… i am asking it to you.

We have things like Emule, torrent and others… people using p2p networks to have acess to piracy media, software, ebooks, serials and other things.
Is just a question of time until the exploits and hackin material databases go to the same way.

But, i agree with Tronyx the “good guys” will be considered “bad guys” and all the comunits as gnucitizen are going to be considered “bad guys”.
Is that realy? Is that true? I don’t think it so. And believe that you dont.. i really hope so.

All this kind comunit´s do is act like white hat´s do. They study ways to find securiy holes and spread it to the web comunity.. respecting the company´s that have securty problems and giving time to they correct the bug until this go to web.

Do you remember the PDF case last year?

To sum up, i just want to say that ” they need it” … “they need us” …. and they need ” ETHICAL HACKING “.
Many companys that develop software don´t have time or professionals to develop something that really have security inside. Thats why i believe that they really need us.

Can you see a word where security professionals are no able search or publish information about secuty holes? Becouse … i dont!

The ‘bad’ hackers already break plenty of laws, what’s one more? This law only affects those that care about the law to begin with.

As these laws progress and get increasingly absurd, the more people will flagrantly ignore them (at least I suspect they will). Look at software and music piracy. There’s a good helping of laws against those things, but they don’t appear to be dying down now do they?

I love the way you link this with the concept of security through obscurity. I never looked at it so directly as that before but I think you make a good concise point. (Conciseness being rather lacking in the podcast hehe).

We’ll most likely get a similar law here, probably written worse too, and chances are it will happen like this. Clueless House member listens to clueless lobbyist who heard this Act will cut down on “evil” hacking, they then go on to spread the word to everyone they know and all of those people are clueless too, so when voting time comes we’ve got a lot of clueless people approving something they think is good even though it’s likely going to be worse than the Computer Misuse Act.

We get a new law then, and likely AnDrEw above me is right, so we wind up with the “War on Hackers” based on this new law.

Security researchers find themselves either in a new line of work or meeting “Bubba” in the cell block, hackers go underground, and the police units to deal with cybercrime ultimately fail miserably since all the security researchers that could’ve trained them are missing for some reason. Heck, it wouldn’t surprise me if our law is written so bad that a security researcher who sticks around and trains the cybercrime units winds up arrested after teaching one due to some miswritten clause in it.