June 23rd, 2003, 10:41 PM
To Hack or not to hack and send an email
The student mentioned in the article below stated that he hacked into the schools computer to show how vulnerable they were.
American Ninja Caught
The article had the following statement from a university spokesman:
"I think he made his point, but you might say he went about it in the wrong way," Duran said. "An e-mail to the webmaster might have sufficed."
Ok so he sends an email to the webmaster. What if he did and the webmaster blew it off as BS and deleted it, would that have then justified the hacking?
There was a recent thread here where a person found several potential entry points into a system. A recommendation was that the person sends an email to the admin of that system informing them of their potential risk to their system or how vulnerable their system might be. It was also mentioned that under Belgium law the person's act could be considered criminal if though no system was hacked only scanned.
So I am asking the following question:
Is there a point where hacking is necessary to show how vulnerable a
computer system is, even if the action of doing it without permission is illegal?
Personally, I think there may be certain situations where it would be necessary to prove the vulnerabilities in a system but only when repeated attempts to inform an admin have failed. But after the hack was done, the person would send the log of the hack to the admin so it could be seen what was done so the vulnerability could be fixed if they were really serious about helping. Would even suggest using snailmail if emails failed to get a response.
I am interested in reading your views on this article and question.
Wise men talk because they have something to say;
fools, because they have to say something.
June 24th, 2003, 04:41 AM
Usually if a company is concerned about vulnerabilities in there network they will hire a team to try to "hack" into there network.
The team does it exactly like a hacker would.
Port scans, fingerprinting, ect. They then report the weaknesses and vulnerablities found to the company.