Re: Civil Disobedience

From: Jordan (jordanfat_private)
Date: Tue Oct 16 2001 - 15:41:45 PDT

    Seeing as it seems to be "Rehash old arguments without contributing anything
    new"-week, here's my contribution.
    
    This raises another fun issue. Is the person who helped the cracker who
    cracked you also responsible for the cracking that ensued? Would it be
    better if we stopped discussing vulnerabilities publicly, and only gave the
    bare minimum (i.e. there's a new vuln in IIS, download the patch)? Major
    players in the security industry seem to think this is better...what's your
    take on the matter...Scott Culp is advocating this, read his take on this at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp.
    Apparently we're all information anarchists....well
    don't we feel sheepish...
    
    My opinion is this:
    If that guy hadn't been helped on this wonderful list, then you may not have
    been cracked by him, but if your box was vulnerable then it would only have
    been a matter of time...at least with the public discussion of the
    vulnerability, you can't say you weren't warned...I see no problem with
    educating people. As long as it's not too specific (Q: Hey vuln-dev, I have
    a question, how can I break into www.ebay.com. A: Well, just type...). I
    think that forbidden knowledge is much more dangerous than public knowledge.
    
    jordan
    
    
    ----- Original Message -----
    From: "j03" <j03at_private>
    To: "Joe Shaw" <jshawat_private>; "Hire, Ejay" <Ejay.Hireat_private>
    Cc: "'br0ken halo'" <x_burningat_private>; <vuln-devat_private>
    Sent: Tuesday, October 16, 2001 12:08 AM
    Subject: Re: Civil Disobedience
    
    
    > I was cracked by someone who posted a question on here.  It's amazing to
    > watch how they ask for help on things, receive the help, then apply it to
    > your box.
    > ----- Original Message -----
    > From: Joe Shaw <jshawat_private>
    > To: Hire, Ejay <Ejay.Hireat_private>
    > Cc: 'br0ken halo' <x_burningat_private>; <vuln-devat_private>
    > Sent: Monday, October 15, 2001 8:31 PM
    > Subject: RE: Civil Disobedience
    >
    >
    > >
    > > On Mon, 15 Oct 2001, Hire, Ejay wrote:
    > >
    > > > Don't you think "hacking is a victimless crime" is a bit soft?  I
    > > > agree it doesn't merit life imprisonment, but it still has an impact
    > > > on its victims.
    > >
    > > Cracking is never a victimless crime.  Someone owns the compromised
    > > systems.  I've personally spent more time restoring/securing systems
    > > after a compromise because people didn't implement adequate security
    > > measures than I'd ever want to.
    > >
    > > Yours in freedom and liberty,
    > > --
    > > Joseph W. Shaw II
    > > Network Security Specialist/CCNA
    > > Unemployed.  Will hack for food.  God Bless.
    > > Apparently I'm overqualified but undereducated to be employed.
    > >
    > >
    > >
    >
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 11:43:48 PDT