lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200208191726.03182.ka@khidr.net>
From: ka at khidr.net (Ka)
Subject: Shiver me timbers.

At Montag, 19. August 2002 15:30 aliver@...il.com wrote:
> [...] Does a mechanic
> (hacker) who finds that a gas tank can be easily rigged to explode have an
> obligation to report this finding to a corrupt car company (vendors)?
> Should he give an insurance company (whitehats or ARIS) the results of a
> painstaking analysis of the tank, and how to rig it to explode? Is he
> obligated to give all his research on any related finds away no matter how
> much of his time or energy it took? Would it be right if he rigged a
> serial killer's tank to explode?

We would not have computers and software as evolved as they are,
if we hadn't exchanged help and information from the very beginning.

In the early times, before 'hacker' was being used in it's modern
interpretation, holding back information was a sure sign of
unprofessionality or even incompetence. Everybody _knew_ that
the next bug could very well be discoverd in one's own system.

Of course it's everybody's right to publish or not to publish
anything. But hindering the exchange of know-how among fellow
hackers is just as egocentric as M$ is with it's marketing
strategy.


just my 2 cents after 36 years experience in this realm

Ka


Powered by blists - more mailing lists