SecurityFocus 2002-03-25
Should hack-and-tell intruders who warn companies about security holes do time with hardened criminals? Security experts probe the ethics of hacking.
Panel Debates Hacker Amnesty
2002-03-26
Anonymous (2 replies)
Panel Debates Hacker Amnesty
2002-03-27
Ichinin (Ichinin (at) suespammers (dot) org [email concealed], TEXT messages only NO HTML)
If the lady's (or guy's) pants are unzipped - should we notify?
2002-03-27
How do we handle with care? (1 replies)

Do you turn around, slap them in the face and get your keys?
I think the normal response would be "thanks" and to then retrieve your keys and lock the door.
The response may be a little different if the stranger had opened your car, sat down inside, retrieved your keys and then brought them to you.
This is the world we live in, the Internet with loads of servers storing all of our personal and business information. Technology changing daily, vulnerabilities and those exploiting them increasing just as fast.
I would be thankful if a hacker came along and pointed out that my Administrator password was set to "password" or better still, no password set. I might be a tad embarrassed, but thankful.
Why would I be thankful? Someone with malicious intent could steal and delete my data. Use my network to attack others, for which I might be held responsible. Assume the identity of a user on my network and send damaging email from my company. The information that might be viewed or stolen from my network could belong to my clients (or other innocent parties) and cause them harm because my network is not secure.
So...to those who want a blanket rule to prosecute hackers...would you want your bank account, personal email and details to be violated, stolen or used because a hacker did not expose a vulnerability to the relevant parties?
I'd go with the responsible, ethical hacker.
A hacker that is "playing around" on my network after a vulnerability has been discovered is asking for trouble.
I don't have any sympathy for a company that is given adequate warning about a vulnerability and takes no action. If they are then publicly exposed that's their problem. They could potentially be exposing my details and data. It could be my bank.
South African companies, take heed.