After reading a lot of these posts, i've got to say: It's no wonder that Adrian Lamo found all of those security holes in companies networks. If the networks are run by people like you, who are not open to the free (and judging from a lot of the posts that i've seen) more experienced help, then we as the endusers are in for the long haul. Sometimes, the admins forget what they are protecting. People put a lot of stock in the security of their information. Trust is what our business is built on. Trust is what online banking, and e-commerce is built on. Trust in the fact that yes, i am going to send my credit card information and my address to you. And I'm trusting that you won't let anyone else see it. Once the issue goes away from yes their is a security hole to forget the security hole we just want to prosecute the script-kiddie who hacked us then told us, then everything just turns into one big ego trip.

Let me go back to what someone posted earlier. Say that you are the customer at a bank, and you find a security hole. Are you going to not say anything, because you would get in trouble? Or are you going to say something because your life savings are at risk? Granted, not every business is a bank. But, if you think about what types of information are kept in databases on private networks(social security numbers, credit card numbers, names, addresses, etc.), then the need to have your network scanned to probed increases 10x. Forget all of you who have little ego bursts and want to "jail all those hackers". Personally, although i would be angry that someone broke into my network, i also know when i'm beaten. As the saying goes...There will always be someone out there who knows more than you and in the arena of computer/ network security, if they are finding holes that you the admin left open and are willing to tell you about it and fix them, then you are in much better shape then when you started.

Can anyone offer a really valid reason for putting Adrian Lamo, and others like him in jail for being the "good samaritan"?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11573#11573