Houston Carr, 2008-09-26
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins.
Colapse all |
Post comment
Blaming the Good Samaritan
2008-09-26
Anonymous (1 replies)
Anonymous (1 replies)
Re: Blaming the Good Samaritan
2008-10-01
Anonymous (3 replies)
Anonymous (3 replies)
>I think this is one of the dumbest things I ever read on Security Focus...
Well, just listen to that objectivism!
Frankly, I can think of many better ways to "cover" myself than by calling attention to my actions with a detailed written confession. This student was clearly not as stupid as yo...
[ more ] [ reply ]
Well, just listen to that objectivism!
Frankly, I can think of many better ways to "cover" myself than by calling attention to my actions with a detailed written confession. This student was clearly not as stupid as yo...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-01
Anonymous
Anonymous
Well, I haven't done pen testing in about 6 years or so, but I started doing them in 1994 as a firewall admin in college. Later did security research/testing at Bell Labs until 2002.
So I kind of understand the concept of running a pen test. One of the things that was crucial with doing pen test...
[ more ] [ reply ]
So I kind of understand the concept of running a pen test. One of the things that was crucial with doing pen test...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-02
Anonymous
Anonymous
You've missed the entire point which is ironic given your remark about objectivism.
The only way to objectively determine someone's intent is based upon their actions, which is a crude method at best.
If they do something overt and incontrovertably malicious, then you have good cause to judge ...
[ more ] [ reply ]
The only way to objectively determine someone's intent is based upon their actions, which is a crude method at best.
If they do something overt and incontrovertably malicious, then you have good cause to judge ...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-14
The Better Samaritan
The Better Samaritan
I sincerely believe I have the right to break into your mother's house and steal your computer and modem in order to save others from your hacking activity. The real question is will breaking your fingers after I steal your computer violate the spirit of the Good Samaritan law?
Further more, as p...
[ more ] [ reply ]
Further more, as p...
[ more ] [ reply ]
disagree with premise
2008-09-27
Anonymous (3 replies)
Anonymous (3 replies)
So you go on vacation for a week. You come home and find the following note on your kitchen table: "While you were away, I tried to break into your house. I found the front and back doors locked. But, the window in the bedroom was unlatched. Don't worry; I didn't steal anything. But I'd suggest...
[ more ] [ reply ]
[ more ] [ reply ]
Re: disagree with premise
2008-10-10
Anonymous
Anonymous
It would be different if break-ins were actively prosecuted or usually noticed. It seems it is only when there is a confession that anything is done.
The police look for those who break into a home. The police (largely) don't bother looking for those who break into computer systems.
One noti...
[ more ] [ reply ]
The police look for those who break into a home. The police (largely) don't bother looking for those who break into computer systems.
One noti...
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-27
Anonymous
Anonymous
While I definitely agree that there needs to be a way to protect hackers who have nothing but good intentions, opponents to this stance could argue that a hacker breaking into a system with intentions to alert administrators of vulnerabilities could be compared to a person breaking into someone's ho...
[ more ] [ reply ]
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-28
RU_Trustified
RU_Trustified
It is a shame that Carleton University has opted to shoot the messenger rather than lift themselves out of their state of denial and take seriously responsibility for the private information of their student clients. The next person to hack them may not have such good intentions.
While this is a ...
[ more ] [ reply ]
While this is a ...
[ more ] [ reply ]
Where to draw the line
2008-09-29
Daniel Thomas (1 replies)
Daniel Thomas (1 replies)
Very interesting, but as you point out, where do you draw the line? What is as part of my good intentioned efforts, I accidentally trigger a denial of service? Yes my intentions where good but I still caused damage to the organisation.
If there was a law to allow 'good samaritan' hacking it ...
[ more ] [ reply ]
If there was a law to allow 'good samaritan' hacking it ...
[ more ] [ reply ]
Re: Where to draw the line
2008-10-01
Anonymous
Anonymous
And what if your "evil intentioned crime" ended in your releasing a full report of your actions, along with an effective method for preventing anyone else from ever taking those actions again? How would that harm the organization?
And remember, as a malicious Black-hat with evil, wicked intention...
[ more ] [ reply ]
And remember, as a malicious Black-hat with evil, wicked intention...
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-29
Anonymous (2 replies)
Anonymous (2 replies)
I completely agree with the law's stance on these illegal break ins, even with good intentions. Would we even be talking about this if someone tried to break into someone's house just to test their locks? Always ask first. It just makes sense. If you hack into a system, find a hole, and report i...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-10-01
Anonymous (2 replies)
Anonymous (2 replies)
This is really the only argument I have ever heard in opposition to "ethical" hacking. Maybe that's why I hear it repeated, over and over, with no explanation and no foundational reasoning. "It's like breaking into someone's house." Really? How?
I think anyone who isn't aware of the idea that an...
[ more ] [ reply ]
I think anyone who isn't aware of the idea that an...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-02
Anonymous
Anonymous
A house has features designed to protect valuable resources, just like a computer system. They're both publically accessible. It's illegal to, without permission, intrude into either, regardless of your intentions.
The fact that malicious activity is rampant on the internent is no excuse to allow...
[ more ] [ reply ]
The fact that malicious activity is rampant on the internent is no excuse to allow...
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-10-01
Anonymous
Anonymous
P.S. Why do you say that you agree "with the law's stance," as if your ideological crucifixion of "ethical hackers" is somehow reinforced by the level with which you are a "law-abiding" citizen. Do you know how laws are made in Canada? Did you know that they can be amended? Overturned by the court s...
[ more ] [ reply ]
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-30
Darin (4 replies)
Darin (4 replies)
Any "good samaritans" need to look at it this way. Suppose someone picks the lock to your house/apartment. They send you a letter telling you what they did and recommending a pick-proof lock. Do you just get the new lock and call it even? Or do you worry about what they might have stolen? About...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-09-30
Anonymous
Anonymous
If a "good samaritan" breaks into my home, he's charged with breaking-and-entering. He doesn't get charged with attempted murder just because breaking-and-entering can facilitate it. Similarly, it doesn't make sense to charge a "good samaritan" with anything more than can be proven on a computer n...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-09-30
RU_Trustified (2 replies)
RU_Trustified (2 replies)
On the other hand, if a student suspects that the private data of his and fellow students are not being protected in a responsible manner, he should just live with it?
This student may be a victim of the curse of too much knowledge. This student may have been better off in the state of ignorant b...
[ more ] [ reply ]
This student may be a victim of the curse of too much knowledge. This student may have been better off in the state of ignorant b...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-01
Anonymous (1 replies)
Anonymous (1 replies)
>>>>
On the other hand, if a student suspects that the private data of his and fellow students are not being protected in a responsible manner, he should just live with it?
>>>>
Good point, no, he shouldn't. He should let whoever is in charge of the computer systems know what he suspects. Tell...
[ more ] [ reply ]
On the other hand, if a student suspects that the private data of his and fellow students are not being protected in a responsible manner, he should just live with it?
>>>>
Good point, no, he shouldn't. He should let whoever is in charge of the computer systems know what he suspects. Tell...
[ more ] [ reply ]
Re: Re: Re: Blaming the Good Samaritan
2008-10-03
Anonymous
Anonymous
maybe then, that neighbour may have thanked you for showing him the problem and invited you for a drink, or even paid you for securing his AP.
The good samaritan problem is moral, not legal.
I'd be surprised if your neighbor would have taken legal action against a "good" neighbor.
Bringing down t...
[ more ] [ reply ]
The good samaritan problem is moral, not legal.
I'd be surprised if your neighbor would have taken legal action against a "good" neighbor.
Bringing down t...
[ more ] [ reply ]
Re: Re: Blaming the Good Samaritan
2008-10-01
Anonymous
Anonymous
>On the other hand, if a student suspects that the private data of his and fellow students are not being protected in a responsible manner, he should just live with it?
Nobody's stopping the student from going to the CIO, Dean, Newsmedia, Board of Trustees, and State Attorney General (probably i...
[ more ] [ reply ]
Nobody's stopping the student from going to the CIO, Dean, Newsmedia, Board of Trustees, and State Attorney General (probably i...
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-10-03
Anonymous
Anonymous
Of course, I'd prefer NOT to know about the break-in ... this would buy my peace of mind awaiting the day I stumble on a hidden camera while doing cleanup ...
Maybe someone should just center this thing right : it is NOT breaking into MY house, but breaking into MY COMPANY or MY UNIVERSITY, who sho...
[ more ] [ reply ]
Maybe someone should just center this thing right : it is NOT breaking into MY house, but breaking into MY COMPANY or MY UNIVERSITY, who sho...
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-30
Anonymous
Anonymous
If a security researcher finds something on a site that he does not have permission to test than don't tell them and just post the information all over the net is what I say. If they don't want help or going to prosecute those whose only goal is to make the web safer than let them fall and get hacke...
[ more ] [ reply ]
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-30
Brandon (1 replies)
Brandon (1 replies)
I agree with the concept of this article. The author is speaking from a legal perspective of protection for those who are technically savvy, non-malicious, but simply have too much time on their hands. There most certainly is a very important legal distinction between the intent to cause damage and ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-10-01
Teknohazard
Teknohazard
I like your comment; it is well thought out. In my state, I have the right to shoot someone if I catch them snooping around inside my home. What would the implications be, if I had the right to shoot someone who was snooping around inside my network? Clearly, there is a difference....
[ more ] [ reply ]
[ more ] [ reply ]
Blaming the Good Samaritan
2008-09-30
Mr. Mike (1 replies)
Mr. Mike (1 replies)
The home door lock is a bad analogy. We are not talking about private property. We are talking about a business, which you expect to take reasonable precautions. Let's try these to analogies and see what you think:
1) Suppose you have a safe deposit box in a bank. You read on the Internet how...
[ more ] [ reply ]
1) Suppose you have a safe deposit box in a bank. You read on the Internet how...
[ more ] [ reply ]
Re: Blaming the Good Samaritan
2008-10-01
R... (1 replies)
R... (1 replies)
I think in a vacuum your analogies make sense. IANAL, but I had criminal law in college and I work closely with legal where I work. In order for there to be a crime committed, there has to be a criminal act as well as a criminal intent. With your lockbox and mall analogy, there was no intent to comm...
[ more ] [ reply ]
[ more ] [ reply ]
Blaming the Good Samaritan - You Idiots
2008-10-01
Bill (2 replies)
Bill (2 replies)
Many offer an analogy - suppose a stranger broke into your house (or similar) and left a helpful note. blah blah.
This is a logical fallacy called 'straw man' argument.
Let me give you a better analogy:
A son living at home, figures out how to enter without damage, and leaves a helpful not...
[ more ] [ reply ]
This is a logical fallacy called 'straw man' argument.
Let me give you a better analogy:
A son living at home, figures out how to enter without damage, and leaves a helpful not...
[ more ] [ reply ]
Re: Blaming the Good Samaritan - You Idiots
2008-10-01
Anonymous
Anonymous
For someone who missed the point of the discussion, you sure came up with a great analogy!
The son can legally break into his father's home, provided he lives there. He normally has access to the house. What if it was not the son but a helpful neighbor? Someone who doesn't have a key, but goes a...
[ more ] [ reply ]
The son can legally break into his father's home, provided he lives there. He normally has access to the house. What if it was not the son but a helpful neighbor? Someone who doesn't have a key, but goes a...
[ more ] [ reply ]
Re: Blaming the Good Samaritan - You Idiots
2008-10-02
Anonymous (1 replies)
Anonymous (1 replies)
I agreed. Break-in analogy is not applicable unless it is the perp is breaking in his house. The university has something of his at stake. His info.
The world is changing and mindset will need to change as well. Security is now a performance metric similar to that of uptime. Sys Admin shou...
[ more ] [ reply ]
The world is changing and mindset will need to change as well. Security is now a performance metric similar to that of uptime. Sys Admin shou...
[ more ] [ reply ]
Where are the lawyers when you need them
2008-10-02
Anonymous (1 replies)
Anonymous (1 replies)
Another analogy -
Biz A (university) sell widgets (degrees) operating in Canada (legally obligated to comply with Canadian regulations) to Biz B (student). Biz B has expectation that Biz A will protect his personal info as set out by the Privacy Act.
Biz B, out of paranoid - trust but verify,...
[ more ] [ reply ]
Biz A (university) sell widgets (degrees) operating in Canada (legally obligated to comply with Canadian regulations) to Biz B (student). Biz B has expectation that Biz A will protect his personal info as set out by the Privacy Act.
Biz B, out of paranoid - trust but verify,...
[ more ] [ reply ]
Good Samaritan? Houston Carr shouldnt be allowed to post here again
2008-10-05
Anonymous (1 replies)
Anonymous (1 replies)
Penetration testing is all about morals and ethics. He obviously violated that by attacking systems he had no right to. If the university was worried about their security they would hire a security firm. The guy should be expelled and legal matters taken against him to use it as an example. I'm curi...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Good Samaritan? Houston Carr shouldnt be allowed to post here again
2008-10-06
Anonymous (2 replies)
Anonymous (2 replies)
I agree. The fact that Symantec, a security vendor, owns this site makes this all the more concerning. This isn't a lively debate topic - this is a clear ethical issue that's being neglected. Houston Carr obviously has little understanding for law, information security, or the business world. ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: Good Samaritan? Houston Carr shouldnt be allowed to post here again
2008-11-06
Jim
Jim
Sorry for the late post.
The law who's traditional stance on the definitions of trespass and property have not fully adapted to apply to technology is taking a lop-sided balance of power to prosecute those who attempt to penetrate a system, but does nothing to those who do not protect the system....
[ more ] [ reply ]
The law who's traditional stance on the definitions of trespass and property have not fully adapted to apply to technology is taking a lop-sided balance of power to prosecute those who attempt to penetrate a system, but does nothing to those who do not protect the system....
[ more ] [ reply ]
Blaming the "Cracker"
2008-10-11
Anonymous
Anonymous
If biblical references are going to be used, biblical ethics and morals should be applied.
A good samaritan is someone who, while minding his own business, accidentally encounters something amiss and attempts to provide aid.
A "white hat" hacker is not a good samaritan because he would be un...
[ more ] [ reply ]
A good samaritan is someone who, while minding his own business, accidentally encounters something amiss and attempts to provide aid.
A "white hat" hacker is not a good samaritan because he would be un...
[ more ] [ reply ]
Time to grow up
2008-10-11
Anonymous
Anonymous
The days when people had a sense of humor about people taking over their systems are gone. Think of it like this - if someone pen-tested your house without warning, and you caught them wandering around your living room talking about how they were trying to help make your house more secure, you'd hav...
[ more ] [ reply ]
[ more ] [ reply ]
Tresspassing
2008-10-28
Jake Brodsky
Jake Brodsky
What we have here is a penetration test without permission. I don't care what motives the perpetrator may have had. We'll never know that with any certainty. All we do know is that it was done without permission. That makes it wrong.
This kid doesn't deserve to have the book thrown at him, b...
[ more ] [ reply ]
This kid doesn't deserve to have the book thrown at him, b...
[ more ] [ reply ]
How do you know that the Carlton student wasn't acting malicious, and then became paran...
[ more ] [ reply ]