Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Adrian Lamo notorious hacker or not ??

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    707

    Adrian Lamo notorious hacker or not ??

    I just wanted to know what everyones view is on Adrian Lamo's hacking. Since I personally think that what he did was ok because he caused no damage to the company's that he hacked. Instead he made them aware of their weak points in security. Which were small flaws that could have been prevented. A lot of the company's that he hacked into applauded him for his work and were greatful of his work for pointing out there flaws.

    If you haven't heard of him just simply go to google.com
    and type "Adrian Lamo" in the search box.
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I'm pretty sure this was already discussed but I'm going to reply anyway. What I don't understand is that wether he found the holes or not they are still going to have to fix them eventually, but since he found them, the money it cost to fix the holes counts as damages against him. That's just stupid. He probably ended up saving them money in that they could not be hacked through a hole that is fixed.

  3. #3
    I do not believe what he did was right. He probably should have asked them first; offered a free security audit. Fact is they are lucky he did not go to town with the information he could/did obtain. Personally I think he should get a slap on the wrists so he remembers to play nice and ask.

    -It is I, me-

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i think the feds are taking him to the cleaners because of his past association with cDc.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    I personally think that what he was doing is a good thing. Companys get lazy, they cut IT costs, they cut corners, and do anything to save a buck. Basically he found holes and notified the companys that they had those security holes. Some of the companys he has hacked have actually praised his efforts. He didn't cause any damage or ask for money. Hey, free security audit.

    I say keep them on their toes.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you really think about it it's really frigging silly that I might find a security hole by accident at a company's web site for example and I can no longer tell them for fear of being prosecuted..... How the hell does that help anyone.

    Heres an example. A company sends me a url - http://www.mybank.com/login.asp?id=12345 with a deafult password of hello, I can't go there right now and I can't send it to the computer that I want to access it from, so I copy it down.... But I transpose the 12345 with 12354.... Jeez, it works and asks me to change my password, (i'm a new user....), now I'm looking at Joe Public's bank account..... Well, what should I do? I'm a law abiding citizen so I don't pry.... But I could send money to my brother in Jakarta, (yes, I have one there.... ).... But I can't risk telling the Bank either..... If I leave the hole unmentioned someone will get to my account and empty it..... If I tell the bank I might go to jail so my bank account will be pretty much empty anyway.....

    It's ludicrous..... Period!
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Some companies, and the definetaly the goverment are hypocrits. They want the good of everything without consequences of either.

    -JESSUS IS COMING!!!! QUICK EVERYBODY LOOK BUSY!!!-

  8. #8
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Tiger Shark, what you are saying if you ask me is different than what happened to Adrian. He didn't accidentally discover these holes, he was looking for them. I'm sure that if you accidentally discovered a whole and you told the website, even if they did press charges, it wouldn't get anywhere. Since I started off by saying "if you ask me" then a good reply to this post might be "nobody asked you".
    Just my 2 cents.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Heretic: Fair comment, well taken..... Let's go a little further.......

    My bank begs me to online bank with them...... Why? Because I will reduce their cost by using their computers rather than their people. That's fine, but as a security minded, computer savvy chap I want to see whether their system is up to par..... So I mess with it for a short while and find a hole...... Now, their logs show my "unusual requests".... What do I do? I've been with the bank for years, I have my morgage with them at a rate I can't beat.... Do I tell them with the evidence of my "hacking" in their hands if they decide to look or do I refuse the online banking..... which might make no difference to my security because someone might be able to access my account even though I chose not to accept the online offer? I can't change banks because my morgage will go up $100/month, but I can't show them their hole.... Aren't I screwed?

    If I find a hole in someone's system I _should_ be able to report it to them without fear of retribution, period. If it is determined that I broke the law in the process, (transferring money for example), then that is prosecutable. If the "cost" to the institution is fixing their messed up system then that is part of their cost of doing business in this world.... If they can't hack it then get the hell out of the fire...... If I did nothing to harm anyone else, other than maybe damage the reputation of the institution then there is no harm done..... The image of the institution was in their hands by spending the money to ensure that their system matched their reputation..... If they fail to manage their reputation properly online then they need to reassess their online prescence.......

    Bottom line: Potentially expose individual's data to the world..... You'd better make sure you are secure...... If you do not secure the data properly, STFU, and fix it or lose your customer base to a company that does......

    How hard is that to understand?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I don't think it was a good thing. I don't want strangers poking around my house and checking for ways in unless i explicitly hire someone to do it.

    Also, doing such unauthorised and for the most part unsupervised checks on live 'production' systems is dangerous and depending on what he was doing could have cost them alot more money than whatever damage to their business was done by him releasing his findings.

    Pointing out blatant and obvious holes is one thing, doing a full fledged penetration test of a system you are not responsible or have permission for is another.

    There is a smarter way to do what he did, one that doesn't end in feds and jail/probation time.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •