Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
Richard Forno, 2002-03-28

The Good Samaritan defence, invoked by hackers like Adrian Lamo, can too easily be distorted by those with less altruistic intentions.

Good Samaritan Guidelines 2002-03-29
Anonymous (1 replies)
Good Samaritan Guidelines 2002-04-09
ImNotAHacker@hotmail.com
The first four letters of analogy. . . . 2002-04-01
Ira Wing (2 replies)
The first four letters of analogy. . . . 2002-04-04
Andy Richmond (1 replies)
We're both right. 2002-04-13
Ira Wing
Case Against 2002-04-02
Spade
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers 2002-04-03
Andy Schmitt (kphrakNO@worldofschmittSPAM.ALLOWEDcom) (1 replies)
"...Good Samaritan Hackers" Bad English. 2002-04-05
Andy Richmond (1 replies)
Please don't compare "A Good Samaritan" with a hacker. The Good Samaritan is one who saw someone in need and helped when no one else would. The kind of hacker we are talking about is one who goes looking for "need" by poking around where they don't legally belong, supposedly fixing or notifying the victims and then feels like people should feel grateful for their "help."

Again, there is a difference between tripping across a vulnerability through normal use of a system, and trying to find one by hacking it. The former is all anyone should be worried about being legally liable for because that would simply be wrong. Time and energy spent protecting people from overzealous prosecution in this area would be well spent. But as for the latter (Mr. Thankme), there is nothing to defend. It is a waste of time and resources to try to weaken the laws in place to accommodate these people.

If one of these "helpful" people were to compromise any of my systems under any pretense, as soon as I knew it I would reload any of the systems that were affected. Anyone who doesn't do the same cannot expect to be secure. Thanks for the extra work. It's not like we aren't doing any of our own vulnerability testing. It's that you beat us to the punch and now I have to assume you are rotten to the core, can't be trusted (demonstrated) and that to make sure I'm good I have to reload everything. Sounds like even the White Hat/Cyber-Good-Guy has cost the company some very substantial money by just poking around.

In the end, it should be up to the individual victims to decide if they want to prosecute. And if they do, there can be no whining from the 'leet crowd.

right.. 2002-04-09
Anonymous
Which law? 2002-04-04
80N
What about the "lurkers"? 2002-04-12
Bob Radvanovsky
Digital Vigilantism? 2002-04-12
Bob Radvanovsky







 

Copyright 2009, SecurityFocus