Security hole exploiting and AO
Latley there has been posted a few tutorials explaining how to exploit certain security holes in software and web-sites.
I wonder if AO's members by doing this are helping crackers, making it easier for them to do a successful crack. Perhaps it may be wise to leave out some details, so the tutorial actually wont work the way it's written, but only explains the security hole. Or should all juicy details be included?
May I have your opinion, ladies and gentlemen?
Re: Security hole exploiting and AO
Quote:
Originally posted by proactive
Latley there has been posted a few tutorials explaining how to exploit certain security holes in software and web-sites.
I wonder if AO's members by doing this are helping crackers, making it easier for them to do a successful crack. Perhaps it may be wise to leave out some details, so the tutorial actually wont work the way it's written, but only explains the security hole. Or should all juicy details be included?
May I have your opinion, ladies and gentlemen?
Well, the problem here is that the door DOES swing both ways. I can see it could cause problems if crackers are able to use the information for their own benefit, but also think that posting the juicy details could help a programmer shape up his or her code, or a SysAdmin lock down his or her network.
As long as there are some people benefiting for the good, then I have no problems with having exploits detailed.
I understand though, that in the context of a tutorial, it might be better to write tutorials from the standpoint of 'this is how to prevent these exploits from working', etc..
Personally, I think posting code that is entirely malicious is way over the line. AntiOnline bills itself as a site that is geared towards helping people understand how to protect themselves from crackers, yet it's allowable for malicious code to be posted in the forums with no recourse?
To me, that's only promoting script-kiddies. It's tantamount to saying "Here's a script that will hack hotmail for you. Download it and run it!"
exploiting security holes?