Re: Vulnerabilites in new laws on computer hacking

[Max Ashton <maxashton () eml cc>]

Here here, Paul.

Worried your test network isn't "real" enough? Make it better! Throw in IDS, 
patch management, whatever. 

As Paul suggested, get your buddies involved. I've seen workshops where people 
are designated "attacker" and "defender", objectives are obvious.

If kids / pro's aren't smart enough to realise the benefits of this kind of 
exercise, they really have no business being in our trade.

I'm with Paul. I don't care *who* you are or how ethical you *think* you are, 
it's not ethical to break into someone else's computer system without 
authorization for whatever reason, and you should be prosecuted for it.

There are ample tools out there to setup a test network ranging from FOSS 
tools like QEMU and commercial stuff like VMWare etc. 

There's no excuse.

Max
> Oh, well that gives me great comfort.  Never mind that I can be prosecuted
> for the breakin because I've violated a law such as GLB, HIPAA, etc. by
> "allowing" a breakin.  I'm glad your friends are so "ethical".  If you only
> think about what's in it for you, you'll always be slanted toward violating
> the law.  Try thinking about the poor victim whose systems you're breaking
> in to.  Put yourself in their shoes and ask yourself, how would I feel if I
> discovered that someone had entered my systems without my knowledge?  Or
> bettter yet, how about if I reach in your pocket and take the keys to your
> car, take it out for a spin, then return it?  Are you OK with that?  No
> hard feelings?
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

Attachment: _bin
Description: