April 23rd, 2002, 01:32 PM
Hacking to prove a point?
I was reading through some news this morning and I stumbled across this article:
It's about a defacement that occurred on the US Space and Naval Ware Systems Command web site. The Midwest Express airline customer database was compromised and some of the material was made public on the US Navy site.
The article got me to think about something - the defacers that were responsible for the attack claimed that they had warned the admins in the past several times but with no respone, so they took drastic measures. I wanted to get all of your opinions - do you feel that is okay or appropriate to take drastic measures such as defacements or other attacks in order to get the attention of admins, the public, etc? Is it okay to committ a crime in order to get someone's attention to a potentially large problem?
Thanks for your time guys...
April 23rd, 2002, 01:38 PM
i think it all counts on the case at hand... as for this one i think it was okay because the problem should been fixed the first time they were notifyed. as for crimes in general... thats like someone whos anti-gun takeing a gun and shooting someone to prove that they are a bad thing..... get my point?
[shadow]i have a herd of 1337 sheep[/shadow]
Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..
April 23rd, 2002, 02:32 PM
This question has been discussed before, and I agree with someone who enters a system warning the admin to take precautions, i also understand when someone doesn't warns the admin (as long is no damage done), due to some stupid admins that call the feds for someone who is just trying to help out.
But for defacing to call the attention when something is not right, I do not agree with it at all...
Maybe try to reach the admins boss, or something, but not defacing it. ( agree with what NetSyn said about crimes in general...)
that's just my 2 cents, thou.
April 23rd, 2002, 02:39 PM
I think they were wrong on all counts. They shouldn't have been on someone else's system without permission. Second, they were wrong for doing the defacement. If the Admins don't want their help, they should've let it go.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
April 23rd, 2002, 02:52 PM
I'm with the preacherman on this one, you don't break into someones house just to make them lock thier doors.
April 23rd, 2002, 03:37 PM
I must say I agree totally with thor and preacherman.
\"The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.\"
- Edsger Dijkstra
April 23rd, 2002, 03:48 PM
Defacements are stupid. Plain and simple. I agree that the site should have been secured, but defacing is just stupid. There are other ways to prove to an admin that his box is weak. If you have to, tell them at xxx time you are going to enter their system, and want them to see this, so they believe you. If they still don't secure it, forget about it. That is their fault if some script kiddie or other lamer wants to try and make a name for themself by defacing the site.
\"Ignorance is bliss....
but only for your enemy\"
April 23rd, 2002, 03:52 PM
the guyz had reported the prob right?... Thats the best thing theye can do.. Its up to the admins to fix it or not.
Attitude is a small thing that makes a BIG difference.
April 23rd, 2002, 04:11 PM
I think that it is wrong for someone to deface a website just to make a point. If you brake a law the judge doesn't care way you did it, on if you did or not. I am an admin at my company and "IF" i was to get a e-mail or phone call from someone unknown to me about our network I would look into it. that's it for now.
Computers make sense people
April 23rd, 2002, 04:11 PM
I look at it like this. And I am shocked at how many people feel differently.
If someone noticed that I left my window wide open, I would want them to tell me. I would not call the cops on the person, and complain like a little bitch that he looked in my window. How can I hold someone at fault for walking up the street and noticed my window was open? I was the idiot that left my window open in the first place. He was nice enough to let me know before someone decided to break into my house, and possibly pull a gun out and kill me. That person did nothing wrong, they were being a good simaritan by informing me about my window. No harm was done. And that was nice of them.
Now I can be a jerk. And start accusing the person of looking in my window. I can call the cops and press charges saying the guy must be a peeping tom. The only reason I would do that is because I am trying to shift the embarrassment of me leaving my window wide open like an idiot, on to someone else. Which is bullshit. There is nothing wrong with that guy warning me that I left my window open. And if I try to get the guy in trouble with the law, that says a lot about me as a person.
Now if the guy goes in my window and steals something, it is another story. But there is that line that shouldn't be crossed. If you see that someone has an open server then by all means I think it is 100% OK to notify the admin about it. If you exploit the vulnerability, then you crossed the line. You are warning the person for a reason, and if you become that reason, then you suffer the consiquences for it.
If you warn an admin and they don't lock down their box, then oh well. Now if someone breaks in, it's their problem. You don't have it on your conscience. You tried to help. The important thing is not to become the criminal that you are supposedly trying to prevent.
As for the admin who receives the warning from someone. Be a man. Don't try and shift your embarrassment of having an insecure box, onto the person that tried to help you by letting you know. Suck it up. Lock down your box. And thank the guy for notifying you. Think about what would of happened if someone exploited the vulnerability, stole all your customers info, and your boss found out it was your fault for not doing what you get paid to do. Things could be a real mess.
The only thing that people don't like about being told their box is vulnerable, is the blow to their ego. Suck it up, and thank the guy. You ego would have been hurt a lot more if someone actually broke into your box.
An Ounce of Prevention is Worth a Pound of Cure...