The very fact that this debate is taking place serves to illustrate the unique relationship between security professionals and hackers. No other profession or industry has a parallel that can be drawn. Most computer professionals do not condone your run of the mill web defacers, virii writers, or DDOS desperado's. However, in the case of Lamo (or someone like him) who pulls of a truly unique and inventive hack (hacking major corporate networks with a web browser) there is a level of respect. Throw in to the mix widespread hacker sympathies combined with more than a few hacker-gone-straight pasts, and you get the current convoluted state of the industry.

I doubt that Mr. Ranum will find many people who are not appalled by the proposed legislation that could well see a hacker behind bars for life. Neither do I think that you will find many people who believe that Adrian Lamo is as pure as the wind driven snow, and should be applauded for his digital spelunking.

In becoming a media darling and hacking wunderkind Mr. Lamo has painted a very large target on himself and anyone like him. The odds dictate that not everyone is going to appreciate your "free security audit". I would think that the NYT would be the last network I would muck around with given the highly public and embarrasing breaches of the past. I don't think that they will be patting Adrian on the back any time soon.

My prediction is that with the new crop of draconian legislation coming out of Washington recently you will begin to find more and more computing professionals who do not want to see the book thrown at non malicious hackers. This will probably run exactly counter to the feelings of the uninformed general public and governmental types. I might also suggest that if some of that legislation is successful a little (or a lot) of hacking might be the neccessary protest statement. But hey, that's just my opinion, I could be wrong.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11421#11421