, SecurityFocus 2002-03-25
Should hack-and-tell intruders who warn companies about security holes do time with hardened criminals? Security experts probe the ethics of hacking.
Expand all |
Post comment
Panel Debates Hacker Amnesty
2002-03-26
Anonymous (2 replies)
Anonymous (2 replies)
Panel Debates Hacker Amnesty
2002-03-27
Ichinin (Ichinin (at) suespammers (dot) org [email concealed], TEXT messages only NO HTML)
Ichinin (Ichinin (at) suespammers (dot) org [email concealed], TEXT messages only NO HTML)
If the lady (or guys) pants are unzipped - should we notify?
2002-03-27
How do we handle with care? (1 replies)
How do we handle with care? (1 replies)
A "bad" hacker stumbles upon it, hacks it an damages/abuses/sells important information of the server.
Then the company will have to pay a large amount of money to recover what was lost without tracing back the hacker (if he was a good one).
else
A "good" hacker runs a "security check" (application of various methods to gain access without abusing priviledges or modifying logs) in order to provide the company that owns the server important information regarding its system and its security.
This senario would illustrate an On-line Banking Costumer that discovers that the system is exploitable by a bug he (or someone else discovered). How would he act? If he reports it, then it means he hacked it or gained illegal access. If he doesnt, he leaves his and other customers information available to malicious hackers.
Which would you prefer?
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/358/11446#11446