|
|
"Warp" <war### [at] tagpovrayorg> wrote in message
news:48cbefd0@news.povray.org...
> somebody <x### [at] ycom> wrote:
> > > Finding a security weakness and then *not* exploiting it for your
own
> > > selfish purposes but instead reporting the weakness so that they will
> > > patch it justifies it.
> > If the end justifies the means, am I to assume you also agree that
breaking
> > into people's homes to expose their security flaws and pretend-robbing
> > people at gunpoint to expose their unprotectedness are also just dandy,
and
> > moreover a good deed, provided you don't actually steal anything?
> Yes, those two things are completely equivalent.
>
> Breaking into someone's home usually causes material damage which costs
> money. Breaking into a computer system usually doesn't.
You can break into a house without costing material damage. Ever head of
picking locks? Does that legitimize it?
> Breaking into someone's home exploits a security flaw which everyone
> *already knows*.
No. Do you know how secure your lock is? Do you know how long it takes to
pick it? I'm doing you a service by demonstrating how easy it is.
> There's nothing to prove.
Ah, that's the crux of the matter: A hacker proves his superiority!
> It's up to the owner of the
> house to decide whether he wants to fix it or not. Breaking into a
computer
> system exploits a flaw which is *not known* by the system administrators.
Whether it's known or not known or in the process of being fixed or not is
completely irrelevant. Hacking is a crime, same as lockpicking without
owner's consent.
If the admins invited him to hack, that would be fine. As it is if you
invite a locksmith to pick your lock.
> Upgrading the security of a house is expensive. Security upgrades of
> a computer system are usually part of the software license (ever heard
> of free security patches?)
Again, completely immaterial how expensive or cheap it is to fix something.
Having said that, it's not necessarily cheap to fix security flaws either.
> A malicious robber breaking into a house causes damage to the owner
> of that house only. A malicious hacker breaking into a university computer
> can potentially cause damage to thousands of people.
That makes no sense whatsover. If anything, you are legitimizing breaking
into institutions instead of houses. Maybe I should change my example to
breaking into a business, a hospital, a school, a military bases... etc. I'm
sure courts will then give me even bigger medals of honour for doing the
public a service which affects many more people.
Post a reply to this message
|
|