Opinion on hackers

[cwk9]

First of all I’m sick of hearing the whole hacking is like breaking into someone’s house bit.

Second you tell me witch is worse.
1. Hacker finds hole in system and tells system admin, no harm done right?
2. Hacker finds hole but does not tell system admin because he’s afraid he will get in trouble. Next day evil hacker number 2 comes along and finds same hole and causes lots of damage.

[zion1459]

to make a parallel with a house is a good idea because ur computer is ur property and contain private info just like ur house...
It's illegal to use hacking techniques to penetrate an unknown system. Most times when security flaws are found it happens in one of two ways:
1. A smart guy sets up his computer and tests it for security flaws with another of his computers. He owns both machines and thus the law is intact.
2. A pro is hired by firm to do a security check-up, he finds some new and voila he gets a bonus... a professional hacker...

I would have no right what so ever to e.g go and see if someone's front door was left open. I do however havce the right to leave my own frontdoor open and use my own house to make a point or test something. In court there often isn't much doubt about computer crimi. If you penetrate a system you don't the right to be accessing then you break the law, where the big troubles start is when the judge has to figure out how big a sentence the computer criminal should have. And we all know that 5 years behind bars for defacing a website is insane but it happens.
Many of you AO users might think that trying to access someone's 'puter isn't illegal because, what's the big deal, right? And often it isn't a big deal but I can be and that's why it's illegal. So to hack legally simply make your breakin attempt the same way that you might make an physics experiment. that's the only professional way to do it, and oh yea, probably also the only 100% legal way

[zion1459]

Originally posted here by cwk9
First of all I’m sick of hearing the whole hacking is like breaking into someone’s house bit.

Second you tell me witch is worse.
1. Hacker finds hole in system and tells system admin, no harm done right?
2. Hacker finds hole but does not tell system admin because he’s afraid he will get in trouble. Next day evil hacker number 2 comes along and finds same hole and causes lots of damage.

this is a typical problem for many hackers. but normally when a hole is this situation the hacker almost stumbled upon it. This means that the hacker didn't do anything out of the ordinary to find it. If that's the case then simply tell the admin and if he starts make any trouble then don't worry because if the security flaw was that obvious then the admin will get his ass kicked in court.
Also we have the right to observe. Hackers (any1 actually but it's mostly hackers who know howto) may drag all the info out of a system that the system leaves open to the public. But if this info shows a security hole then the admin must be contacted at this stage and not after the hacker have broken into the system. If the hacker break in, he/she breaks the law. it's ok to find errors but if the hacker wants to test his theory he must do it on a system he has the right to mess with...

about the "sick of the house bit". yea it's used often but it makes everything so very clear. of course u can't fully compare a 'puter with a house but it has to be compared with something. how else will we know if something is wrong? to know if something is good we must know when something is bad. we judge by comparing things... but maybe we can find some alternative to the house parallel...

[xifon]

i'm sure that somebody might come with "dude, don't be so pessimistic" but sometimes you just have to be. the problem with all those laws is just the past. i mean if there wouldn't have been any "accidents" with computer security, we wouldn't have all those laws about it. and our society would certainly have another view of us and wouldn't get its picuture from movies like swordfish or all the other bullshit that's going around. i mean, we are freakin humans, and a part of that is that we are more likely to remember bad things than god things. nearly nobody around us knows, that hackers were the one who made the internet accessible to the public (which is actually not true, cuz porn did it, but hackers were the one who builded the first network, if you can call those guys hacker, cuz todays definition of a so called "hacker" has been totally changed by mass media and government), hackers still are the one who make internet safer every day by exploiting. exploiting isn't bad, it can't be, you just try to figure out the world round you and what the hack is bad in that? what made it bad is false media reports on hacker that illegally "hack" into something to steel information or enrich themselves. but there we are already at another human weakness, egoism. personal enrichment, abuse of information and so on.
but this post wasn't designed to talk bout the weaknesses of humans (although i kinda did), it was designed to talk bout some major issues. we can't change the past (not yet ), so we gotta live with the present. and if we have some stupid ass laws bout that stuff, well, then we gotta deal with it and find ways to get around it, and to say something to the person to start the thread: just try it anounymously, you might not get the credit, but you also might not get the problems. at least you get the expirience, that one is priceless and nobody can take it away from you.

[JRoc]

I agree. It's mainly a matter of: Are you after the credit or possibly a job with them? or Are you after problems and wanna avoid it. I think that you need to look at the goals of what your doing and base it from there.

[zion1459]

todays cybercrime laws suck... big time! and innocent hackers get their asses in trouble way to often. And even when it's the real cyber criminals who get caught the get way to big sentences. this is a serious problem. And remember, hacker don't break the law because they don't abuse their knowledge.
but it's like I posted it earlier... We are legally allowed to grab all the info open for the public we can find. So we query ports etc. without breaking the law. or so we thought... hehe
Big firms might actually sue someone just because they see your IP in their log-files way to many places and because it pops up in their IDS. They don't really have any proper proof (because, hey the law wasn't really broken) but they do have money and a big bunch of extremely good lawyers..
the ugliest about this is that their own webserver probably automatically do all the same things against all their customers that the hacker did to them but they got pissed. this is where the law fails. and this is just one of many examples... a whole new law is needed.. a law made by hacker and computer experts in cooperation with government. the problem today is that it's just a bunch of dumb win98 using politicians who are sitting and accepting all new cybercrime bills... they don't know **** about 'puters! (most of 'em don't)
they seriously see any hacker as a potential terrorist...

[japhninja]

Originally posted here by Viperbite
In my opinion "helping them" is wrong. Its just like going to someones house and breaking in non destructivly then telling them how you got in there or just breaking in to learn about lock picking.</QUOTE>

Actually, it's more like finding the door to your neighbor's house standing wide open, with the keys still in the lock. I don't have to break into other people's computers to learn, but I will never own as many systems as are available on the internet. Does this mean that I launch attacks against random hosts with wild abandon? Absolutely not! But if I notice that my ISP is running an unpatched copy of ProFTPD, I'll tell them about it.

And tell them. And tell them again.

The problem here involves tape monkeys and SysAdmins who have a platefull of issues before I dragged my sorry-ass along with this eensy teensy vulnerability in a service that has worked quite well for the past 2 years, Thank-You-Very-Much. The last thing the IT department needs is some project to get done before midnight. Now I could shrug my shoulders and say &quot;Oh well, not my problem.&quot; But I'd be wrong. It's my ISP, and it's a service I use, and it damn well IS my problem. Could I complain? Yes, but that's just pointing fingers and not getting the job done. I could fix the problem myself, but loading new software on a system would invariably cause more havoc when it's discovered that some script will not run, or the host keeps crashing, and honestly, I just don't know enough about the network to be able to make that kind of decision.

The question here is, how do I make it apparent to the people who need to know that there is a problem. I've found that the quickest way to do this is send a message from root to root, stating the problem, and also giving information on a solution. This is white hat. This is what I practice. Any system, service, or network I use needs to be secure. I want to be able to trust this ISP, or that email server. And honestly, when my DSL router gets shipped to me with out a login or password set, I get anxious.

<QUOTE>Oh yea by the way 2600 is full of hacker idiology and propaganda. Just look at how they talk about Kevin Mitnick and everything as if he wasnt guilty read it with a open mind approach and you'll see its all propaganda.

Anything written is propoganda. The menu at your local favorite restraunt is propoganda. It entices you to BUY MORE. They have an agenda. The local daily newspaper has their own agenda. I have an agenda. By writing this reply, I want to sway your opinion. Same as the message originally asked of this group.

Don't decry propoganda until you understand how it works and permeates our society.

[xifon]

xactly, propaganda is the only thing we got left as i said before, and if you don't understand it then just keep it for yourself, cuz it's a shame. everybody knows that you can't trust the media. cuz the media is run by big companies and controlled by government (think bout that), so everybody who believes the media might as well believe in ET or the happy future your government says your gonna live, **** that ****, seriously.
and i don't think too that those idiots up there have any idea bout 'puters, otherwise they wouldn't make that big bullshit out of it.

[Ouroboros]

I'm a little late in replying to this one, but just thought I'd put in my $0.02 on the "house/security flaw" issue. Almost anyone can walk up to a house to test the lock...but how many people even know HOW to find the 'house' when it comes to locating flaws in server/network security? I would like to think that most people that CAN perform such feats would enjoy notifying the proper people upon finding such holes. Kind of that warm and fuzzy 'I'm actually helping people' feeling. Laws be damned, eventually people will drop their pride and celebrate being notified of a hole that could have been a major disaster for their particular entity(company, VPN, home gaming system, whatever...) Hell, some people get paid mega-$ to do exactly that...but just because someone on the outside does it, it becomes illegal, even if no malice was intended? That's f***ed up. The laws that govern the exchange of digital information are outdated, and are based mainly in fear and a kind of 'cyber'xenophobia.

Hackers = good, and I'm forever impressed by their skills and what they use them for; Crackers=bad, and while I'm still impressed by their technical skills, thier sense of morality and justice are severely flawed.
The powers that be need only recognize the difference and adjust the laws accordingly...it must be possible by now, don't you think?

Ouroboros

[ajnabee_janoon]

Isn't it funny how some kiddies come here not knowing a damn thing about hacking and try to run us into the ground. If you don't agree with this web-site and others like it....then stay the **** away and quit wasting our time with your ignorance.