Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Rate Stratfor's Incident Response
From: Benjamin Kreuter <ben.kreuter () gmail com>
Date: Thu, 12 Jan 2012 15:16:19 -0500

Hash: SHA512

On Thu, 12 Jan 2012 18:29:42 +0000
Giles Coochey <giles () coochey net> wrote:

On 12/01/2012 18:12, Laurelai wrote:
My suggestion that they should hire these kids was meant to imply
that as bad as they are they probably are more ethical than the
people they are attacking since they aren't storing all sorts of
sensitive user data in plain text and telling people its all safe.

Hell NO! Wouldn't trust anyone who broke into my company like that.
If they contacted me I'd be straight onto law enforcement to report
them for trying to blackmail me.
I am not sure it really counts as blackmail if someone says, "I just
downloaded these secret files from your computer system," unless they
follow up with, "If you do not pay me, I will release this to the
general public."  Frankly, someone who simply releases these documents
to the public is not nearly as unethical as someone who tries to
quietly sell the documents on the black market.  We should not be
making the mistake of thinking that someone who cracks a security
system without permission is necessarily evil or has evil intentions,
and the ethical violation is very minor.

Really, calling it "breaking in" is a stretch.  You connected a
computer to a publicly accessible computer network, where anyone can
send anything to your computer.  If hacking such a system is "breaking
in," you might as well claim that shouting across your neighbor's yard
is "breaking in."  The law is not going to stop the really bad people
from attacking your system, nor is it going to stop them from profiting
from whatever access they gain; sending law enforcement after someone
who reports problems to you accomplishes little and only discourages
people who might try to help you.

- -- Ben

- -- 
Benjamin R Kreuter
UVA Computer Science
brk7bx () virginia edu

- --

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
Version: GnuPG v2.0.14 (GNU/Linux)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]