Forwarded from: Robert G. Ferrell <rferrellat_private> > "Better that you find out about a hole in your system through my > virus, than through some unethical cracker smashing into your > machine and stealing all your so-called private data," said a worm > writer who asked only to be identified as CAT (for "Criminal and > Anonymous Terrorist"). I'm really tired of this sorry excuse for an argument. Releasing malicious viral code as a "public service" is the equivalent of walking down a neighborhood street with an axe and chopping at every door you pass. If the door collapses, you then explain to the angry resident that they need a stronger door, and that you were only trying to point out their flawed security. "Better that you find out about a weak door through my axe, than through some unethical burglar smashing through your door and stealing all your so-called private property." Allow me to point out some things that I seldom see brought up in discussions about this sort of 'reverse vigilantism:' 1) My security, be it strong or weak, is my business, not yours. If I get broken into by an "unethical cracker," I'll deal with it. Keep your unsolicited advice to yourself. The world is a much more complicated place than you can imagine. Perhaps, if you're lucky, you'll grow up one day and see this for yourself. Simply being able to use exploit scripts, or even mastering 0-day exploit creation, doesn't confer either the necessary wisdom or the moral right to force your notion of security on other people. Just because you're smart enough to build a gun from scratch doesn't mean it's okay to shoot people with it. 2) The 'noble quest for knowledge' that I see so frequently quoted as a rationalization for breaking into other people's systems (badly paraphrased from "The Hacker's Manifesto") is a myth. The only knowledge to be gained from cracking a system in the vast majority of cases is knowledge about personal details stored on the system in question, be it corporate or private, and this knowledge is definitely none of your business, either. Let's just drop this whole "public service" charade and tell it like it is: malicious code writers and Web page defacers are emotional adolescents with poorly developed social consciousness and very, very skewed morality. They get a cheap adrenalin rush from running up behind people when they aren't looking and hitting them with a brick. This isn't a service by any definition of the word, and nor is it doing someone a favor. It's just simple assault. RGF Robert G. Ferrell rferrelat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 08:49:50 PST