somebody <x### [at] ycom> wrote:
> > Finding a security weakness and then *not* exploiting it for your own
> > selfish purposes but instead reporting the weakness so that they will
> > patch it justifies it.
> If the end justifies the means, am I to assume you also agree that breaking
> into people's homes to expose their security flaws and pretend-robbing
> people at gunpoint to expose their unprotectedness are also just dandy, and
> moreover a good deed, provided you don't actually steal anything?
Yes, those two things are completely equivalent.

Breaking into someone's home usually causes material damage which costs
money. Breaking into a computer system usually doesn't.

Breaking into someone's home exploits a security flaw which everyone
*already knows*. There's nothing to prove. It's up to the owner of the
house to decide whether he wants to fix it or not. Breaking into a computer
system exploits a flaw which is *not known* by the system administrators.
Such discovered security holes are usually patched as soon as possible
(only stupid sysadmins would ignore such a security hole).

Upgrading the security of a house is expensive. Security upgrades of
a computer system are usually part of the software license (ever heard
of free security patches?)

A malicious robber breaking into a house causes damage to the owner
of that house only. A malicious hacker breaking into a university computer
can potentially cause damage to thousands of people.

Yes, I see how these two situations are completely comparable to each
other.
--
- Warp