WHY?

I'm a member of ISSA (Information Systems Security Association), which is supposed to be people that are in a systems security position in their company, or that run a systems security/auditor company. These people should be aware of what exploits are out there, know how to counter them and how to fix the issues on their computer. In my eye they should be very well versed on what tools are used by the crackers out there (to me a cracker is a person that breaks into a system for mal intent, a Hacker is a person that discets THEIR systems and code to learn more about what the system and code can do, a GOOD Hacker does not break into other peoples systems anymore, it's too cheap (IE FREE in many cases) to get the operating systems you would want, and code you can use to learn on your own systems) are using.

Last month at the ISSA Chapter meeting we had a security audit/training company come in and show us some of the current tools available freely on the Net that were being used by the script kiddies and in some cases Pros. They even used some on a mock network.

The person doing the demo, an ISSA member himself, received at least one email from a participant and member stating that he should not be showing us and using such tools.

ISN'T THAT WHAT THIS GROUP IS ALL ABOUT? LEARNING MORE ABOUT THEIR INDUSTRY (Data Security and Integrity), AND LEARNING HOW TO THWART IT?

ARGH!!