>raises hand< Well if you mean computer criminals, they are going to jail every day. Hopefully getting sued for damages in civil court too. Crime should be punished.

I have an argument that can't possibly be refuted, or labeled in any way as a self serving rant (sorry Marcus) for all of you that feel that crackers and computer criminals are the good guys that help find vulnerabilities so we can waste time fixing them by exploiting people's networks and causing innumerable monetary damage.

Let's put it into the context of kiddie porn. The parents haven't secured their children properly. They don't know how. They are in the house, but are they _really_ secured? How about when they walk home from school?

I'd say the kids are vulnerable when they are walking home from school, and at home with the little camera they bought, that their parents don't know is there, when in the house. They are vulnerable when they are on AIM and MySpace.

Is the pervert that exploits them (for fun or profit) justified, because the kids are vulnerable?

If you say that a script kiddie is somehow justified in exploiting a computer, how is it any different from the pervert? Oh but the kid is harmed and scarred for life you might say.

What about the IT manager that loses his job and can't get another because he's the guy in the news story? How are his kids any less harmed now that they can't go to college?

I can load up a high tech sniper rifle and shoot you in the chest, killing you from 1000m away. Is it your fault you aren't wearing a bullet proof vest? You know it could happen, yet you don't wear the vest.

Should I be punished for exploiting that vulnerability?

Criminals are criminals, whether they are criminals from a keyboard, child pornographers, or behind the scope of a rifle.

I'm sorry but Marcus is right. Anyone that thinks he's not, that ruining people's lives is cool, needs their head examined.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/33804#33804