Hacking to prove a point?

[lkennedy.guru]

i fully agree with jared_c. I could find word to put it so good.

[KorpDeath]

No. To put it simply, no. It's juvenile.

[preacherman481]

All someone has to do to see my window open is look at it. They can then ring my doorbell and tell me in person, or they can give me a phone call. But to see flaws in my computer security usually the person has to been somewhere they shouldn't be in the first place. I have portscanned IP numbers that have subseven scanned me previously. I have spotted what looked like a trojan on their box and notified the ISP or the Network. But I didn't take the opportunity to see if I could access the trojaned port and find out if anything else is wrong. That would be the equivalent of saying, "Hmmm, I see this guy's window open. If he's that lax about security, I think I'll go into this house and do a full security audit and give him an itemized list of the security problems with his house." If you were the owner of a house and someone did that, would you be happy?

[preacherman481]

All someone has to do to see my window open is look at it. They can then ring my doorbell and tell me in person, or they can give me a phone call. But to see flaws in my computer security usually the person has to been somewhere they shouldn't be in the first place. I have portscanned IP numbers that have subseven scanned me previously. I have spotted what looked like a trojan on their box and notified the ISP or the Network. But I didn't take the opportunity to see if I could access the trojaned port and find out if anything else is wrong. That would be the equivalent of saying, "Hmmm, I see this guy's window open. If he's that lax about security, I think I'll go into this house and do a full security audit and give him an itemized list of the security problems with his house." If you were the owner of a house and someone did that, would you be happy?

[Mankan]

If someone noticed that I left my window wide open, I would want them to tell me. I would not call the cops on the person, and complain like a little bitch that he looked in my window. How can I hold someone at fault for walking up the street and noticed my window was open? I was the idiot that left my window open in the first place. He was nice enough to let me know before someone decided to break into my house, and possibly pull a gun out and kill me. That person did nothing wrong, they were being a good simaritan by informing me about my window. No harm was done. And that was nice of them.

Yeah, when stated like that I think we all can agree. But in this case the window was climbed through.
To tell the admin the security sucks if you happen to run into it is ok. To systematically try security to see if you can find something to tell them about is wrong and to deface a site just because they didn't do anything about it is criminal.

[preacherman481]

All someone has to do to see my window open is look at it. They can then ring my doorbell and tell me in person, or they can give me a phone call. But to see flaws in my computer security usually the person has to been somewhere they shouldn't be in the first place. I have portscanned IP numbers that have subseven scanned me previously. I have spotted what looked like a trojan on their box and notified the ISP or the Network. But I didn't take the opportunity to see if I could access the trojaned port and find out if anything else is wrong. That would be the equivalent of saying, "Hmmm, I see this guy's window open. If he's that lax about security, I think I'll go into this house and do a full security audit and give him an itemized list of the security problems with his house." If you were the owner of a house and someone did that, would you be happy?

[jared_c]

If he's that lax about security, I think I'll go into this house and do a full security audit and give him an itemized list of the security problems with his house.

Like I said.. there is a line that shouldn't be crossed. And that is when the person becomes a criminal.

But to see flaws in my computer security usually the person has to been somewhere they shouldn't be in the first place.

Which brings up a whole new topic which is: What exactly is "where they shouldn't be"? If I click on a link in a search engine, and it takes me to a directory listing that shouldn't be enabled, am I now violating your system? If someone trys to access my system, and I port scan their whole subnet block, your server happens to be on that block am I now violating your system? Should port scanning be illegal even though it does absolutely no damage what so ever? If it was, would that even stop the people that are going to hack your box anyway. No, it would just stop the people who would warn you. If I access the robots.txt file, that is accessed on a daily basis by all search engines, and you have a list of secret directories there, am I crossing the line by letting you know that the world has access to this? If you have web based log files available to the world and google has it cached for anyone on the face of this planet to view, did I violate your system by looking at google's cache or is google now responsible? Or is any of this even worth getting your panties in a bunch over, because now you know about the problem, and now you can fix it before any damage is done.

The bottom line is by stopping me from warning you, and by calling the cops on me, that WILL NOT stop the people that are going to exploit your system. If anything it is only going to catch you by more surprise and hurt you even more when someone does violate your system. If you see someone messing with your box, take action. But if someone stumbles across a vulnerability on your system, thank them for being nice and letting you know. Your box is on the WORLD WIDE WEB. Expect for it to be looked at. When you are driving down the highway you don't expect everyone to follow the rules. And you don't call the cops on everyone that cuts you off. If no damage is done, you have to just deal with it. Otherwise you are just going to waste your time, and their time, while the real cracker breaks in and destroys your system.

[cwk9]

I agree that it was wrong to deface the web site. But why do we always have to compare hacking to someone’s house? Me having to reinstall winblows because I got hacked in no way compares to someone breaking into my house and stealing all my stuff.

[jared_c]

Originally posted here by cwk9
I agree that it was wrong to deface the web site. But why do we always have to compare hacking to someone’s house? Me having to reinstall winblows because I got hacked in no way compares to someone breaking into my house and stealing all my stuff.

I hate the house comparison too. It always comes back up though. So I gave in, and I use the house comparison to back up my own views.

[tyger_claw]

It's a contraversial topic.....

Some will see it as a act in the right while some will say there were no rights in the act.


Defacing is wrong in a sense, because you are vandalising something someone created.
However, just continously sending e-mails and so is not going to get anywhere...

What a topic like this needs in a lot of thought. Instead of defacing the site, renaming the index.html to whatever.html and placing a before page with a link to the site and a small message like "told you your system is weak" would be better, but yet still debatable.

Actions do speak louder than words, but there has to be thought behind the actions.

Truly, in the end, it all depends in the perception of the "victim".

BTW, I'm sick of house comparisons as well..... what about pie