Imagine that you are an admin who detects someone snooping in your network servers. You call in the suits who track the intruder, trace him, then actually make an arrest. Only the guy claims that he is is a 'friendly' hacker. Well maybe he is and maybe he isn't, but you know if there is a hole in the law for friendly hackers, then every bad guy who gets caught is going to go for it. Therefore, the good guys should NOT attempt to intrude unless asked...it is the only way to tell who the good guys really are.

On the other side, if companies want laws that keep out the good guys (it is their right to do so), then they should also be held accountable when they fail to secure their networks by themselves. If I were Jimmy Carter, and a cracker started calling me at home, I'd sue the NYT for failure to properly secure the database. So if someone like the NYT wants to play legal hardball with hackers, that is fine, but they'd better be prepared to accept the responsibilty for their own security or lack thereof.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11479#11479