lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200208191726.03182.ka@khidr.net> From: ka at khidr.net (Ka) Subject: Shiver me timbers. At Montag, 19. August 2002 15:30 aliver@...il.com wrote: > [...] Does a mechanic > (hacker) who finds that a gas tank can be easily rigged to explode have an > obligation to report this finding to a corrupt car company (vendors)? > Should he give an insurance company (whitehats or ARIS) the results of a > painstaking analysis of the tank, and how to rig it to explode? Is he > obligated to give all his research on any related finds away no matter how > much of his time or energy it took? Would it be right if he rigged a > serial killer's tank to explode? We would not have computers and software as evolved as they are, if we hadn't exchanged help and information from the very beginning. In the early times, before 'hacker' was being used in it's modern interpretation, holding back information was a sure sign of unprofessionality or even incompetence. Everybody _knew_ that the next bug could very well be discoverd in one's own system. Of course it's everybody's right to publish or not to publish anything. But hindering the exchange of know-how among fellow hackers is just as egocentric as M$ is with it's marketing strategy. just my 2 cents after 36 years experience in this realm Ka
Powered by blists - more mailing lists