Richard Forno, 2002-03-28
The Good Samaritan defence, invoked by hackers like Adrian Lamo, can too easily be distorted by those with less altruistic intentions.
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-28
Anonymous (1 replies)
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-03
Anonymous (1 replies)
All,
I can't agree. I am a Security Engineer for an Atlanta-based security firm, and have done many, many pen. tests, audits, and network security runs. I have to say that if I went about and did some 'good samaritan hacking' on my own, I'd consider myself on the wrong side of the law. The anal...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-28
Anonymous (8 replies)
I have a different example. Someone walks by a bank and sees the door open. Thinks someone must be working just inside the door. Next day he sees the door is still open. No big deal must be a busy bank. Third day door still open, he looks inside, and finds NO ONE THERE. Fourth Day he looks...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
Rick Forno (1 replies)
Hey - I only get a certain amount of words per column! I certainly think that a certain level of negligence on those cos. that don't implement good security is in order. After all, in the case of fire/burglar alarms, you get fined if you have too many false alarms, right?...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
Anonymous
Your analogy is flawed. You don't just "walk by" a network and see the door is open--you have to jiggle the doorknob.
To be a better analogy, the person in your scenario would have to walk by the CLOSED (but not locked) door *and see if they could enter*. If they then entered, outside of normal bu...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-01
Matthew Z.
The flaw in your argument is that many of the hackers, including Lamo, walked in, rifled through the desk drawers, read confidential documents, took some home and THEN called the authorities.
I support the 'Look, Don't Touch' approach, but most of these guys are doing a hell of a lot of touching....
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-02
Jordan
That comparison about the bank is not accurate. If that's all that the persons in question were doing, just seeing if the hole is there, then that's fine, and no one is really questioning that. But if the person walked into the open door, then found a bunch of safety deposit boxes that weren't prope...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-02
Somebody
Your example is faulty...try this one.
The person walks by the bank, notices that the door is locked, but the lock is cheap and easy to defeat. The person takes out his trusty set of breaking and entering tools and gains entrance to the bank. When inside, he notices that the vault is also easy ...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-07
Anonymous
There is only a small difference though. In the internet you don't just pass by and see that the door of a computer is open for you to walk in. You have to want and purposely go and try and open a door. This I am totally against. The example should be more like, what if I come at your house and try a...
so next time i mistype an url...
2002-03-29
Anonymous (3 replies)
... and by accident get to a page that i could not reach by "legally" browsing from link to link i have automatically gained unauthorized access and therefore can be prosecuted or what?
...
so next time i mistype an url...
2002-03-30
Anonymous (1 replies)
Oh please. Adrian Lamo doesn't "mistype" url's. He uses proxy hunter to actively go looking for misconfigured proxy servers. There is a huge difference in actively looking for ways in, or finding something accidentally, whether your intent is harmless or not.
And in reality, when you mistype a...
so next time i mistype an url...
2002-04-07
johnny
We are not talking about mis-typing anything ... unless you consider actively scanning for the latest IIS vulnerability to find machines without patches, then employing a specifically written tool to take control of the server, then deploying your own code on the site...as valid.
Look, if you use...
Good Samaritan Guidelines
2002-03-29
Anonymous (1 replies)
Ethical Hacker Guidelines:
Automated vulnerability scanners may not be used.
Information found on potentially vulnerable systems/networks may never be deleted or modified. Information may be added if it is necessary to demonstrate a vulnerability, but added information should be easily ident...
Good Samaritan Guidelines
2002-04-09
ImNotAHacker@hotmail.com
You write:
"If asked, do not reveal the vulnerability to any third party, even after it has been fixed."
What if the Operator leaked confidential information ABOUT his clients and HIS affiliates... That this information can lead someone to online bank account information... And now they refuse t...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
In Response to the Anonymous Above
If Lamo and others want a little PR by finding old vulns in Fortune 500 organizations then so be it. But I find it amusing that, "Lamo has made it clear that his personal code of conduct keeps him legitimate and free from prosecution". What kind of code keeps you free from prosecution? The Lamo c...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
Anonymous (1 replies)
If a customer finds a security flaw through the user interface, rather than by any backdoor/cracker methods, do they fall under the same scenario? What if the "opened bank" is the bank that you use? You have a reason to be there and you notice the bank is insecure. Short of just changing banks, can ...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-01
Steve (2 replies)
The responsible netizen can try to get the contact information of someone who can close that hole, and let them know about it. If they ignore that, the responsible netizen can then inform securityfocus.com, the BBB, or other relevant organization, and if the company is STILL not closing the securit...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-03
Anonymous
wait...wait...WAIT...does anyone still understand the concept of "Imminent domain?" Last I checked that means that if it is not expressly YOURS, it does NOT belong to you...and you shouldn't be poking around. If I walked into a bank I use (not MY bank), and I see the vault open, I walk over to the...
You're opening yourself up to prosecution if you fess up.
2002-04-17
Anonymous
> The responsible netizen can try to get the contact
> information of someone who can close that hole, and let them
> know about it.
In today's world, isn't that opening yourself up to prosecution? The guy who runs ORBZ got sued just for sending mail to an email server that turned out to be un...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
Steve
Unlike the bank example, Lamo (and other hackers) are not just "walking by" these corporate networks. They're actively checking doorknobs.
If Lamo was in my network and had informed me of security issues (and I remained reasonably sure he hadn't done anything malicious), I wouldn't press charges....
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-03-29
Me (1 replies)
The law is the law. Lamo and the other "ethical" hackers broke it and must suffer the consequences. Perhaps the law will change over time. Perhaps Lamo's actions will cause legislators to look at the law. I doubt it... If Lamo wants to be the sacrificial lamb, then let him have at it. He not o...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-01
Scott Runnels
In fact, many convicted and released convicts are in possession of a security clearance. The background checks are usually more intensive and as well, they tend to deal more with "Why they are now," as opposed to who they were before. Just letting you know it does happen.
Regards
Scott A Run...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-01
William W. Bishop
While maintaining a presence in the hacking community (it is very useful in fact for preventing break-ins) is necessary to keep up with what script kiddies are doing these days...there is no excuse for testing the integrity of someone else's systems. Testing your own home computer/network is fine, an...
The question is simple, but the answer may be complicated, and becoming more so.
2002-04-01
Anonymous
Sure, what Lamo does is illegal. So are lots of other things. Spam is illegal, to varying degrees in different locales. Last month we witnessed the spectacle of criminal charges (later dropped) against the operator of a site that searches for open mail relays, because his test program happened to...
The first four letters of analogy. . . .
2002-04-01
Ira Wing (2 replies)
Right.
If one more of you well paid security columnist/consultants brings up the locked-door-of-a-house analogy, I think I'm going to give up the fight.
I am going to say this once.
The reason it is so easy for people like Adrian Lamo . . . and like me . . . to break into your networks ...
The first four letters of analogy. . . .whaaaat?
2002-04-04
Rick Forno (1 replies)
I'm not paid as well as you might think, but I do security consulting. Unlike your statement, I -do- care about the real vulnerabilities, but unfortunately, those making purchasing and policy decisions for our companies and government are still inside-the-box, conventional thinkers, no matter how mu...
The first four letters of analogy. . . .whaaaat?
2002-04-17
Anonymous
> But that doesn't give someone carte blanche to go banging
> around/against a company's networks to try and find a way in
> for kicks and grins, either.
I agree. I worry, though, that the current trend in corporate security is to put the money into lobbying instead of hardening systems. In ...
The first four letters of analogy. . . .
2002-04-04
Andy Richmond (1 replies)
Gee Ira you're a really neat guy. And all powerful too. Who could possibly have anything to say of value after that tirade?
"If one more of you well paid security columnist/consultants brings up the locked-door-of-a-house analogy, I think I'm going to give up the fight."
You're teasing us ri...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-02
M A Nelms
This is cut-and-dried. Regardless of intent, gaining unauthorized entry is illegal, period. Why you do it is not the issue. The issue is that you do it. And once in, no matter what use you make of the entry, you must still have broken the law to be there.
Companies that are concerned with se...
The Mentality and Psychology behind the White Hat
2002-04-03
Alec (1 replies)
A white hat or Good Samaritan hacker is really out to provide himself amusement or pleasure as his/her first motive. He will explore networks in the hope that he will find an interesting open port or security vulnerability, just as one might try to rig a vending machine. To use the street analogy,...
The Mentality and Psychology behind the White Hat
2002-04-04
lb
BRAVO! The administrators of these real world companies will and do feel violated. If these WHITE HAT hackers want to do good... then they should be actively seeking advertisement to these companies - to employ their services to TEST the compromisability of corporate America - anybody remember the mo...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-03
Andy Schmitt (kphrakNO@worldofschmittSPAM.ALLOWEDcom) (1 replies)
It's easy for an opponent of good Samaritans to give an emotionally charged metaphor like "someone breaks into your house, doesn't touch anything, and then tells you". That is completely non-constructive.
Would it help if you thought of it this way? You left your car in a deserted parking lot i...
"...Good Samaritan Hackers" Bad English.
2002-04-05
Andy Richmond (1 replies)
Please don't compare "A Good Samaritan" with a hacker. The Good Samaritan is one who saw someone in need and helped when no one else would. The kind of hacker we are talking about is one who goes looking for "need" by poking around where they don't legally belong, supposedly fixing or notifying th...
right..
2002-04-09
Anonymous
So you'd rather we not tell you, get access to everything, and cover our tracks?... You've got to make some allowance. If everyone just did what was deemed right by you or others we wouldn't need laws. Obviously we do... So obviously there will be someone out there on a power trip to try to gain s...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-04
Anonymous
Oh well, all that bitching about ethics and analogies. Why don't they cover their tracks or use someone else's computer by hacking into it to prevent detection?
Hackers should learn how to cover their tracks before indulging in any obsession to crack any boxes.
My 2 Singapore cents worth~ about U...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-04
Anonymous
I think the "intentions" behind a hacker are irrelevant. Breaking into another person's home or computer is a violation of that person's rights no matter WHAT their intentions are.
If a hacker wants to be able to use their skills for security enhancement then they should either get a job ...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-04
Anonymous
The article is faulted.
good samaritan...
if you are a paramedic and you know how to help someone,
you are actually obliged by the law to help them!
yes, annoying.
so, now you're a security person... and you come across a
site (different from going to LOOK for a site) and you
notice ...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-05
Anonymous
A house and a computer are obviously completely different things.
I agree with regard to checking the security of a house is a bad idea, however web servers and the like offer public services, therefore if a vulnerability is found due to mistyping a url ::: you are not exactly breaking the law ....
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-08
Anonymous (1 replies)
I think the main problem with the whole "white hat" thing is that there's no need whatsoever to violate the law if all you want to do is explore or test a vulnerability. What's so hard about setting up a strictly local test case in your apartment? How difficult is it to set up a small LAN which dupl...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-09
Anonymous
bottom line, that's like setting up your own math problem and then doing it... what fun is that?
and again, i think it would be much more important for the irresponsible admin to learn about his vulnerability through someone with at least some responsibility, rather than after none of his password...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-10
Anonymous (1 replies)
This article is retarded. How about when I walk around my building looking for unauthorized wireless access points? Sure I'm going to see an ssid but unless I connect to it, I won't be able to see if it's on my network or not. So let's say I walk around, find several open access points and notice...
NOT Accidental
2002-04-14
Anonymous
Nothing we're talking about here is accidental. Hackers aren't just innocently searching for proxies and happen to come upon one that's open. The internet doesn't work that way. You have to expressly contact the server you are examining to elicit any response. Unless the server has a worm and is...
What about the "lurkers"?
2002-04-12
Bob Radvanovsky
How about this scenario (read below)?
While bringing into this arena, criminal law -- if Mr. Lamo were to perform a similar act in a non-virtual capacity (as in seeing that the potential victim's house were vulnerable, and probing further to determine, report and possibly contain those vulnerabil...
Digital Vigilantism?
2002-04-12
Bob Radvanovsky
One more thing that I would like to bring to the attention of those reading these postings:
Though I agree that the need to report to someone's front door may/may not be open, may/may not be locked may/may not be necessary, the fact is, what Mr. Lamo performed would be (otherwise) an act of tresp...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-13
Anonymous
Well I really don't mind if other people check on my system!! I'll really appreciate if they do, and tell me if my system is vulnerable from something. I think people who disagree on this matter are those who have too much ego, who think they are too good. And can't accept that there are people...
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
2002-04-14
gil@ateliermobile.de
The whole idea of breaking and entering whether someone's
house or their website illegally is wrong and should not be
encouraged, in whatever shape or form. As to the notion of ethical (intrusion) I can't buy into that. If you want to be
an ethical hacker join the Open Source movement and you can
h...
Some Good Samaritan Hackers' Arguments Like Voyeurs' Defenses
2002-04-16
J.D. Abolins
The "I just looked but did not touch" defense of "Good Samaritan hacking" is the ethical sibling of a voyeur's defense. A Peeping Tom might argue "I just looked through the window at her. It's not like I touched her. So why prosecute me?"
Why for a non-physical intrusion? Because there is a ...
