Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : White hat? Black Hat? : Re: White hat? Black Hat? Server Time
10 Oct 2024 08:20:41 EDT (-0400)
  Re: White hat? Black Hat?  
From: Warp
Date: 13 Sep 2008 12:43:15
Message: <48cbeda3@news.povray.org>
 
somebody <x### [at] ycom> wrote:
> "Warp" <war### [at] tagpovrayorg> wrote in message
> news:48cbd5e0@news.povray.org...
> > somebody <x### [at] ycom> wrote:

> > > The question you should be asking is, did anyone ask you to fix their
> > > security in the first place? Spend your time and energy on things that
> there
> > > is a demand for, not on things that you are unwelcome to do.

> >   It's exactly that kind of bastard mentality that causes all the
> > ridiculous lawsuits.

> No, it's the type of mentality that keeps a civilized society running. If
> the society approved of people who sought to fix the problems they perceived
> on others their own way, we would go back to lawlessness and every man fend
> for himself.

  Wait a minute. You are talking as if this person had pointed out what
he thought was a personality flaw on someone and got scolded because of
being impolite.

  No, he spotted a technical security flaw in the computer system, and
pointed it out so that it could be fixed, so that the system would be
more secure for everyone (for the university, the students and himself).
Sure, he was actively searching for flaws, but his intention clearly were
not malicious. There would thus be two options:

1) He "obeys the law", doesn't try to hack the system, the security flaws
get unnoticed, and at some point a malicious cracker will exploit the
system because it was never fixed. The malicious cracker is probably from
southern Asia or eastern Europe or whatever, will never get caught and
will never get punished, and if he made serious damage to the system
both the university and the students will suffer from this. The only one
who wins in this situation is the malicious cracker.

2) He searches for security flaws because it's his hobby, and if he finds
one, he reports it so that it will get fixed. If it gets fixed, luckily
no crackers will ever exploit the flaw, and the data will be secure and
nobody will suffer. Except for this person who made the report. The only
loser in this situation is the one who helped finding the security hole.
This will teach him a lesson: Next time he will *not* report any flaws
he finds, so they will not get fixed, and we are back at option 1.

  And the world is again a better place to live.

-- 
                                                          - Warp


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.