Your Views On Hacking People

[pooh sun tzu]

I have read all of your replies and will say that I see your point very clearly now. Altering even in the name of fixing is destructive and thus counter-productive to my origonal post. However, the situations in which I "fix it first, tell later" are on friends networks, where as the "notice, document, and report" is my more used method. What are your thoughts and opinions on someone who documents the system up and down, cracks root, documents all holes, procedure in which root was gotten, a document on how to fix the security hole as well as other possible holes... but not touch anything, even log files?

See, my friend method is different than my normal method of work. Sure I would love to setup my own little hack box, but unfortunatally I don't have the money for a 2nd computer, which even then would defeat my goal of helping make the internet secure by breaking it, and then showing people step by step how to fix it and prevent it again against people who _would_ destroy. Thoughts?

[MrLinus]

Find a friend who is willing to let you abuse them. I have one friend who is like that. He IMs me every now and again with some new device, toy, software setup and asks me to go to town on him, with no specific deadline (so I can do it right away, in a week or in a few days).

I've been overly successful with this technique against him (once caused him to rebuild a Novell BorderManager Firewall). Now, these are his home machines and I'd never do it against his work stuff without permission. The reality is -- IMHO -- still that there are many that wouldn't be too thrilled if you entered their computer without permission (that violated feeling that we feel -- sorta like if a burglar went into the house, didn't take anything but just perused and then left).

BTW, have you looked into visiting your local thrift shop and getting an old Pentium box? You can build some good *nix abuse boxes with those (I have a FreeBSD IDS setup on mine right now and it cost me nothing to get the box or the software for that matter).

[pooh sun tzu]

Mitten, let me first thank you for your responce, as it was very kind and helpful

Find a friend who is willing to let you abuse them. I have one friend who is like that. He IMs me every now and again with some new device, toy, software setup and asks me to go to town on him, with no specific deadline (so I can do it right away, in a week or in a few days).

Hm, my friends tend to do their own security already. But I do get your point and will keep it in the back of my mind.

The reality is -- IMHO -- still that there are many that wouldn't be too thrilled if you entered their computer without permission (that violated feeling that we feel -- sorta like if a burglar went into the house, didn't take anything but just perused and then left).

Understandable, and I did not think about this, as my experience has always been positive.... but that doesn't mean it won't ever go wrong and get me busted. Even by me wanting to both learn and improve someone's network at the same time, even by wanting to do it out of the kindness of my heart.... I do understand now that people may find it intrusive and although helpful, simply wrong. Which you helped make a valid point. I can't exactally continue my goal of improving and securing the internet from behind bars, can I? Only thing I shall miss now is that bit of excitement knowing I have to be faster and better than the admin walling me....

BTW, have you looked into visiting your local thrift shop and getting an old Pentium box? You can build some good *nix abuse boxes with those (I have a FreeBSD IDS setup on mine right now and it cost me nothing to get the box or the software for that matter).

I have, but I was simply to lazy at the time to consider it, as my current funds are better spent paying rent. I will keep this in mind, and most likley save up a small amount for a Pent I perhaps.

Thank you again for pointing out a few things, as it proved to be enlightening and path changing!