Date: Thu, 12 Jan 2012 15:16:19 -0500
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Rate Stratfor's Incident Response

On Thu, 12 Jan 2012 18:29:42 +0000
Giles Coochey <giles@...chey.net> wrote:

> On 12/01/2012 18:12, Laurelai wrote:
> > My suggestion that they should hire these kids was meant to imply
> > that as bad as they are they probably are more ethical than the
> > people they are attacking since they aren't storing all sorts of
> > sensitive user data in plain text and telling people it's all safe.
> 
> Hell NO! Wouldn't trust anyone who broke into my company like that.
> If they contacted me I'd be straight onto law enforcement to report
> them for trying to blackmail me.
 
I am not sure it really counts as blackmail if someone says, "I just
downloaded these secret files from your computer system," unless they
follow up with, "If you do not pay me, I will release this to the
general public."  Frankly, someone who simply releases these documents
to the public is not nearly as unethical as someone who tries to
quietly sell the documents on the black market.  We should not be
making the mistake of thinking that someone who cracks a security
system without permission is necessarily evil or has evil intentions,
and the ethical violation is very minor.

Really, calling it "breaking in" is a stretch.  You connected a
computer to a publicly accessible computer network, where anyone can
send anything to your computer.  If hacking such a system is "breaking
in," you might as well claim that shouting across your neighbor's yard
is "breaking in."  The law is not going to stop the really bad people
from attacking your system, nor is it going to stop them from profiting
from whatever access they gain; sending law enforcement after someone
who reports problems to you accomplishes little and only discourages
people who might try to help you.

-- Ben

-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell