lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 27 Jan 2013 17:00:56 +0000
From: Dan Ballance <tzewang.dorje@...il.com>
To: Benji <me@...ji.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Subject: Re: Student expelled from Montreal college after
 finding vulnerability that compromised security of 250, 000

It depends on what your objective is. If it is to educate young people and
help them to develop into responsible adults,  then I think exclusion was
the wrong choice. It seems likely to me that by excluding this young person
they are just creating the next hacker to go and work for some dodgey
organised crime outfit. Why not have a security team that consists of staff
and volunteer students who together could assess network security? It
sounds like he has an interest in security topics. Imho educators are there
to inspire and channel young people - even young people who are wandering
into difficult territory. Anyways, that's my take it :)
On 27 Jan 2013 16:46, "Benji" <me@...ji.com> wrote:

> Arbitrary moral compass? Amazing.
>
> Please, explain the morals behind finding a bug, reporting it, getting a
> slap on the a wrist, and then running a vuln scanner against the site? If
> his true intent was to see if it was fixed, I would suggest that he checked
> it with the finesse, logic and precision that I would expect from a baby
> with a hammer.
>
> Morals would tell you to ask, logic would tell you to ask, common sense
> would tell you to ask before the last step, especially after being told off
> and AGREEING to the colleges code of conduct aka morals. If he didn't agree
> with them he shouldn't have agreed to them.
>
> 'My banks interest rates seem immoral, I will only pay 6%'. Let me know
> how that logic works out for you.
>
> Pretending that this guy is more than an idiot is astounding.
>
> Do you want your university students to follow the law, or does the law
> not matter if the morals behind it are fine in someone's opinion?
>
> 'I robbed the bank and shot the guard, but don't worry it was to keep up
> on my mortgage payments to house my family'
>
> Who uses Acunetix anyway?
>
> As far as I can tell, this argument is now debating opinion which is
> inherently stupid.
>
> Sent from my lack of morals, and about 3 cans of taurine/caffeine
>
>
> On 25 Jan 2013, at 22:29, Dan Ballance <tzewang.dorje@...il.com> wrote:
>
> My point being, a degree in computer science should reflect the student's
> ability in computer science - not compliance with some arbirary moral
> compass dreamt up in a university board somewhere.
>
> Who gave these university beaurocrats the power to exclude this young
> person from the education system?  Why is their moral compass deemed to be
> correct?  I thought university lecturers held positions due to their
> talents in their respective susbjects - not becuase of their ability to
> implement social policy?
> On 25 Jan 2013 17:40, "Jeffrey Walton" <noloader@...il.com> wrote:
>
>> On Fri, Jan 25, 2013 at 12:07 PM,  <Valdis.Kletnieks@...edu> wrote:
>> > On Fri, 25 Jan 2013 09:57:51 +0000, Dan Ballance said:
>> >
>> >> ...
>> >
>> > Doesn't matter if he ends up a corporate knob or a freedom fighter.  If
>> > he says "I promise to XYZ" you want him to be trustworthy on said
>> promise.
>> >
>> > You might want to ask the guys in Anonymous who got ratted out by one
>> > of their own how they feel about the word "trustworthy" regarding the
>> > rat who said "I promise not to rat you out".
>> :)
>>
>> There is no honor among thieves (or corporations, or lawyers, or...)
>>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ