|
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"scott" <sco### [at] scottcom> wrote in message
news:48cf65d4$1@news.povray.org...
> > That
> > will teach him to never tell about his hacking again.
> No, that will teach him to actually go ahead and carry out an illegal
> security hack on 32 students, rather than informing the authorities about
> it. How on Earth can you say that installing a disguised magnetic card
> reader to skim cards does not deserve to be punished?
Forget punishment, that's not even the point. Warp and some others think
that *reporting* of the incident was wrong, and that the hacker should have
been rewarded instead, which is an order of magnitude harder to understand.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> Forget punishment, that's not even the point. Warp and some others think
> that *reporting* of the incident was wrong, and that the hacker should
> have
> been rewarded instead, which is an order of magnitude harder to
> understand.
Yeh, I didn't really understand why Warp said:
"That will teach him to never tell about his hacking again."
When the *telling* about the security hole is not the problem, the problem
is when he actually *did* the hacking on 32 students, and even much worse,
distributed the data to lots of people (and not just the system owners).
I know for sure that I could install a keylogger on my colleagues computer
and get his password. Does that mean that I should be allowed to do it
without permission from the system owners and send the results to my
friends, "for the sake of improving security"? Absolutely no way, not in a
million years.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
somebody <x### [at] ycom> wrote:
> Warp and some others think
> that *reporting* of the incident was wrong,
That's not what I have said. When I have said something like that it has
been pure sarcasm.
> and that the hacker should have
> been rewarded instead
I never talked about rewards (except sarcastically), and that sentence
of yours doesn't even make sense with the firt one.
You are badly twisting what I have said.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
scott <sco### [at] scottcom> wrote:
> Yeh, I didn't really understand why Warp said:
> "That will teach him to never tell about his hacking again."
Do you understand what the concept "sarcasm" means?
> I know for sure that I could install a keylogger on my colleagues computer
> and get his password. Does that mean that I should be allowed to do it
> without permission from the system owners and send the results to my
> friends, "for the sake of improving security"? Absolutely no way, not in a
> million years.
And exactly what are you doing to prevent some malicious person from
doing so? Are you simply taking a "not my problem" stance?
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"Warp" <war### [at] tagpovrayorg> wrote in message
news:48cfc9e8@news.povray.org...
> somebody <x### [at] ycom> wrote:
> > Warp and some others think
> > that *reporting* of the incident was wrong,
> That's not what I have said. When I have said something like that it has
> been pure sarcasm.
> > and that the hacker should have
> > been rewarded instead
> I never talked about rewards (except sarcastically), and that sentence
> of yours doesn't even make sense with the firt one.
>
> You are badly twisting what I have said.
At different times, you said
"No good deed goes unpunished."
"Finding a security weakness and then *not* exploiting it for your own
selfish purposes but instead reporting the weakness so that they will
patch it justifies it."
"Basically the situation is that the sysadmins *benefited* from the
hacking, and as a reward, the university sues the person who performed
the hacking."
...etc
If there's sarcasm, and there seems to be, it's in the opposite direction
(ie directed at the expense of the university administration, for their
"mishandling" of the situation). It's of course possible that I'm reading it
all wrong and you in fact believe that the hacker did a bad thing, in which
case I apologize and take back what I said, but interpreting those quotes as
something other than suggesting that he did a good deed, it was a favour to
sysadmins, and if anything, he should have been rewarded, sounds like a
stretch.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> I know for sure that I could install a keylogger on my colleagues
>> computer
>> and get his password. Does that mean that I should be allowed to do it
>> without permission from the system owners and send the results to my
>> friends, "for the sake of improving security"? Absolutely no way, not in
>> a
>> million years.
>
> And exactly what are you doing to prevent some malicious person from
> doing so? Are you simply taking a "not my problem" stance?
Pretty much, yes, IT know the risk of the above and they have decided it's
not worth doing anything extra, like putting bars on the windows, CCTV in
all the offices, or reformatting the hard discs every night. If I came
across another security hole I didn't think they were aware of, of course I
would inform them about it.
Like when someone nearly got their laptop stolen and I kept on about getting
them all encrypted. I didn't go and actually steal someones laptop then
email confidential data to IT, I just informed them about the hole. Now
it's fixed and I didn't need to do anything illegal.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
scott <sco### [at] scottcom> wrote:
> IT know the risk of the above
Well, that's one fundamental difference.
What if you discovered a security hole which your IT staff doesn't know of?
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
somebody <x### [at] ycom> wrote:
> At different times, you said
> "No good deed goes unpunished."
That's not the same thing as "his deed should have been rewarded".
> "Finding a security weakness and then *not* exploiting it for your own
> selfish purposes but instead reporting the weakness so that they will
> patch it justifies it."
Still nothing about rewards.
> "Basically the situation is that the sysadmins *benefited* from the
> hacking, and as a reward, the university sues the person who performed
> the hacking."
Sarcasm. Doesn't mean "they should have rewarded him with something
positive".
> If there's sarcasm, and there seems to be, it's in the opposite direction
> (ie directed at the expense of the university administration, for their
> "mishandling" of the situation).
What I meant was that IMO the lawsuit was probably an exaggeration.
> It's of course possible that I'm reading it
> all wrong and you in fact believe that the hacker did a bad thing
No, you said that in my opinion "the hacker should have been rewarded
instead". I never said anything like that.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> IT know the risk of the above
>
> Well, that's one fundamental difference.
>
> What if you discovered a security hole which your IT staff doesn't know
> of?
You should learn to read the whole post before replying ;-)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Nicolas Alvarez wrote:
> John VanSickle wrote:
>> and if nothing happens, move out.
>
> And the problem remains unsolved.
The person who does as I advise solves his own problem. Believe it or
not, you do not have the right to solve other people's problems; it is a
privilege obtained with their consent.
Regards,
John
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |