If Lamo and others want a little PR by finding old vulns in Fortune 500 organizations than so be it. But I find it amusing that, "Lamo has made it clear that his personal code of conduct keeps him legitimate and free from prosecution". What kind of code keeps you free from prosecution? The Lamo code of course. I would like to subscribe to it. If anyone knows where I can find it please post?

The term ethical hacker or good samaritan is questionable. At best stick with grey hat, swaying a little on the black side.

In the public realm, Lamo and others like him haven't done harm yet, but wait until something goes wrong, such as an accidental paid transaction or a DoS attack at the same time. Last one that touched it will get the blame.

Finally, seeing that door is open in the bank and calling is a little different than going through the window of the bank, sneaking around the teller booth to see that the vault is open.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/70/11501#11501