|
 |
On 14-Sep-08 16:50, somebody wrote:
> "andrel" <a_l### [at] hotmail com> wrote in message
> news:48C### [at] hotmailcom...
>> On 14-Sep-08 5:43, John VanSickle wrote:
>>> Doctor John wrote:
>
http://www.canada.com/ottawacitizen/news/city/story.html?id=25110a8f-a73a-43a0-a2a5-1daa08d147d1
>
>>> It is not substantively different from a situation where you live in an
>>> apartment for which the landlord has failed to install adequate door
>>> locks. You cannot break into other people's apartments in order to
>>> demonstrate the inadequacy of the existing security. You tell the
>>> landlord, advise the tenants, and if nothing happens, move out.
>
>> It is the same sort of wrong comparison that 'somebody' made. The
>> difference is that this vulnerability is known and hacking a system
>> often involves a new exploit that is unknown to the owners. A better
>> comparison might be a house owner with a large fence around his house
>> with spikes on top. One day a guy walks up to him and says: 'You know
>> that large tree on your property, that has very long branches reaching
>> over the fence. I was walking past that and though it might be a easy
>> access to your property. I tried the largest low hanging branch and
>> indeed it could easily support me.' After which the house owner calls
>> the cops and have him arrested for breaking into his property.
>
> Good for him. I'd call the cops too. What's it his business entering my
> property? "I was walking by" doesn't make sense either. Nobody walking by
> "accidentally" climbs a tree. And if he was really concerned for my safety,
> why not come point out to me the branch *without* violating the law?
1) if the branch is weak enough there is no danger, so no need to call
2) as you failed to notice, I never said he entered the property. You
(and my fictional character) assume that he did, just as the assumption
in our case here is that the student was doing something malicious. (yes
I come to that later)
>
> That it was easy to do or that the owner failed to perfectly secure
> something is not an excuse for breaking the law. Where do you draw the line?
> If the guy had to use a ladder to get to a branch, would you then willing to
> consider it a crime? If the guy had to use a helicopter to land on the tree
> or the property, would you consider that a crime now? See, there are always
> ways to compromise a property or a system if you have a criminal mind.
> Unless the suspect can show that he went into the property by mistake during
> his daily walk, and if the property owner did not draw a line around his
> property, then I'd let him go. Otherwise, if he's made an effort to climb a
> tree, use a ladder, use a helicopter... etc, it's clear what he intended to
> break the law, clear and simple.
>
>>> Consider for a moment the results of allowing people to hack first, and
>>> then report the results of their hacking. People who are hacking for
>>> criminal reasons will, if caught, claim that as a defense.
>
>> Not necessary, the guy in question apparently had no criminal intentions
>
> What do you call breaking the law?
The student had apparently no intention to cause harm to the system or
gain himself or anybody else anything by the act. The only reason you
may call him a criminal is that there is a law there that should have
been different. As a student you may excuse him for not yet knowing that
some laws don't make sense and can be used in perverse ways. In this
case a law that was intended to prosecute malicious hackers is misused
to protect an incompetent sysop at the expense of a naive student.
Aside: I don't know about your place, but here we consider somebody
innocent until proven to have broken the law.
>> I can understand your position, but I also know that there is a large
>> group of systems that is not adequately protected. If the system will be
>> hacked mostly third persons will suffer the consequences. Protecting the
>> sysops with a law that prohibits hacking will increase the problem.
>
> False dichotomy again. Why do you assume that the system will be hacked by a
> third person? It's a matter of opportunity, means and motive, and not all
> are present for anyone on the street. Clairvoyance defenses like that don't
> work, and with good reason. If you see someone speeding down the street, are
> you given a free pass to ram him? After all, he's going to get into an
> accident, right? And it's better that at least the other side anticipates
> the accident...
>
Either you did not understand what I said, or you have absolute no idea
how the world works.
BTW I consider this discussion closed as far as I am concerned. I feel
very uncomfortable talking to a 'somebody' with an e-mail address of
'x### [at] ycom'. Feel free to start a new tread on anonymity in our newsgroups.
Post a reply to this message
|
|
