should hackers jailed?

[preacherman481]

I feel you should get permission from the owner before you do any exploring of someone's system. If they want a security analysis of their system, they should be the one to initiate it. It should be a voluntary process. What would happen if you went through the parking lot at Wal-Mart trying to open people's car doors? When the police drive up and say "What are you doing? Come down to the station with us," what would you say? "I'm just checking people's security; I wasn't going to take anything!" Would the police accept that argument? On occasions when I have had trojan placement attempts on my computer I have port scanned the attackers and found what I thought were trojans on their system. I have called or e-mailed this person's ISP or network to let them know one of their clients or machines might be compromised as a zombie. To me that's ok. On the other hand, if I found running trojans on their box and used them to go inside to explore, I would be in the wrong. There's a fine line, but once you cross it, you're in the wrong, IMO.

[jcmcb]

Right on Preacherman!

Just because you can do something is no reason that you should do it!

[ccKid]

You have a valid point, Preacherman, but what concerns me is when you come across something on a website that is misconfigured and allows access to DB files or whatnot. Upon contacting the company to let them know of the problem there is a possibility of you, just trying to be a nice person, being prosecuted for trying to help. If it was my system I would be very appreciative of being told of the problem but some corps and individuals are just nasty and may try to target you as a Hacker/Cracker. I think that is just insane!

ccKid

[11001001]

I totally agree with you, Preacherman.

erm...hacking in IS breaking in.

8*B@LL-That;s the exact point I was making. There is no difference. Intent is not even a factor.

[chawleyx87d]

' I agree if you hack a system and tell the people in charge how you did it
and how to fix it then they should thank you.'

Look at it from another prospective: You break in a house, you broke the
guys front door down just to prove that his locks really suck
have a look around then wait for the owner to come home and tell
him how you broke his door step by step and how he could fix it.
Will he thank you and offer you a beer? I think not

If someone door is wide open and no one is home it's still not ok to
walk inside like what if there is a burglar or thief in the home and he's
armed with a gun? what if the cops arrive on the scene and your the one
who is mistaken for the real intruder? youll still be arrested because you
weree illegally in this guys home even if your intent was not malicious
a smart person wouldn't have gone inside they would have picked up a
pay phone and called 911 and let them handle it. It's the same with
Systems if no one authorized you to enter you don't go in period.

[8*B@LL]

Originally posted here by 11001001
8*B@LL-That;s the exact point I was making. There is no difference. Intent is not even a factor.

ah. i see, so intent is not a factor. very interesting, but perhaps next time you should take the time to actually READ the arguement you are replying to before saying and avoid making an ass of yourself. infact, i highly suggest that you go back and look over my post on the last page right now before you go on reading.

anyway, i am in absolutely no way arguing "good intentions". good intentions lay the bricks in the path to hell(i love that saying ). anyway, im arguing actions. straight out actions. to use the(insanely stupid) comparison to a house, here is what i am saying:
you know some guys locks are absolute crap. you go down and pop the door upen using whatever method you wish then twist the handle to confirm it is indeed unlocked(or open the door slightly if you wish). here is where you have a choice. you either re-close the door and walk away, then place a phone call from a pay phone somewhere downtown saying simply "your locks are crap, here is how they can be beaten, here is how to fix them" or you walk in and start looking through stuff and throwing vases at the wall for fun; taking his money, reading his private info like bank statements...you get the idea.

now, would you have the guy who tested to see if your door could be opened then did nothing thrown in jail(btw, it can be assumed for this that you had no knoledge that you had shitty locks beforehand), or are you going to just let it go and get new locks? i mean, it is assumed that you will look arround the house and make sure that he DEFINATLY didnt get in. in this case you would probably have a camera on the front door(the equivalent of logs) to see that they just barely opened it, and didnt go in.

are you going to say thats a crime? i dont think so...it surely isnt "breaking and entering" because there was no entering, there was no theft, no damnage...nothing that i can think of about this example could be considered criminal...

[ccKid]

I completely agree with 8*B@LL, if no damage or theft has been done why press it. I would see it as a helpfull thing.

ccKid

[jcmcb]

8-Ball -

Just because you don't mean any harm or intend to do damage, how does the shop keeper know that? For all he knows your some malicious mafia tpye or skript kiddy looking so score a quick buck... so now he has to spend moeny to fix his security. That costs him money, hence you just caused him damage...

Now maybe he should have had better security to begin with, but who gave you (or anyone else) the right to intrude upon him and his system. Because you stuck your vitrual nose into his system, you should have to pay his seciroty costs...

Moral of the Story: Leave people there privacy!

[SarinMage]

the thing is that many times the people will go to them and tell them, saving them from damage that COULD have been done. I know id much rather have someont tell me then they brooe in then have dsomeone break in and destroy something.

[8*B@LL]

but like i said before, jcmcb, i'm not talking about the hackers intent, im talking about their actions.

anyway, your logic is a bit flawed on the whole "you caused them damnage" bit. what you are saying is basically this:

1) Their system has a security hole.
2) A hacker breaks in through the hole.
-----------------------------------------------
3) the hacker caused the security hole.

atleast thats what your arguement looks like(btw, line 3 = conclusion). now i agree that lines 1 and 2 are correct but the conclusion just isnt there. the hacker didnt cause the hole, it was already there, they just spoted it and told the system's admin about it. if anybody could be considered at fault, its the software vender for not fixing it or the admin for not keeping up with his patches.