Hacker Ethics Question

[AciDriveHB]

I just watched a TV show on TCL (I forget the title of it), it talked about a lot of white hackers who were hired by a company to find all the wholes in a network, who would give out passwords, etc. And also about white hats who did like had happeded to you methdeath, so honestly shoudl you be surprised about it... I would say not.

Here's the tricky part, because I agree with tampabay420 though. I mean if this person called you on the phone, told you about it, said this is my name and number and all checked out... then I wouldn't worry so much. But if someone just sends you an email and tells you about it trying to throw you off, hoping that all the IP logs would be deleted before you thought maybe they actually stole something from your company, who knows.

I agree with your logic methdeath, that if they don't cross the line then they are safe. But sometimes how do you know if they crossed it or not, because they told you that you have problems with your security?

Personally I'm a security nut, if someone like that just emailed me and I couldn't trace it back, or couldn't contact them again, then I might think about getting the police involved... JUST to make sure that nothing was stolen.

It's kind of a hard call to make, because you don't want to be an ass for having someone point out mistakes, but you don't want to think that they are being totally up front either.

[Highlander]

This is Western NY, They all wanted a fee before
they proceded.... This neck of the woods is so
full of "The Good Old Boys Networks" I almost
got convicted because of who the local Telco
was... Local Owned for Generations by 1 family.
And I know the family, some were real nice but
others acted like "Gods Gift to the World" and the
one who was after my "Butt" was one who thought
he was Gods Gifts.
I will say if it was not for another local bunch of
friends, who intervened in my behalf I would be
in JAIL!!!! as a Felon!!!

The world is not always fair! I wish I could have
re-cooped, but that page I posted has basically
cost them many customers. My ISP who I support
has increased from 2200 customers and no
ADSL circuits has increased to 7000+ dial ups
and 400 ADSL customers. In my area he
just started up with only 24 lines, when I was
kicked off of CE Comet, now has
or will have 192 dial up lines and has ADSL.

I figure I am responsible for either directly or
indirectly 2000 dial up customers plus a bunch
of ADSL customers.

[XychiX]

Originally posted here by tampabay420
XychiX-
| I think that's neat about the Holland Police- you say "from the outside" , right?
| I'm not too sure how happy i'd be if the cops broke into my house, just to tell me how it can be done. but as long as the intruder doenst log in... i'm fine with it :-)
| so, i guess (these white-hats) they just runa vuln scanner on your network and tell you what it found...

A white hat hacker wont only portscan (to see where the doors are) but he also opens them!

Like the police they will feel if the door is open, if it is they drop a note on the doormat and then leave again!

a White hat hacker finds a vulnarable service he'll try to exploit it and as soon as he gets a root shell he "SHOULD" logout and notify the admin.

There are whitehat's who will repair the system themselves. That's wrong in my opinion. Its a case of the admin whether he chooses for the risk of a vulnerable system or for the risk of a update (wich aren't 100% riskless most time, thats why only the admin can decide).


By The Way, try this:
Walk op to the police station en tell them you're laptop has been stolen from you're car. when they ask you is there's any damage tell them "No because i left the windows and the doors open of my car!".

I Bet they'll (almost) laugh at you...

In my opinion one should to the same to a lazy admin that is stuck with a default install of windows 2000.

[Ghostdog]

I think I would be happy AND angry.

1. Happy because the web site will be secure.
2. Angry because I do not do my job. It's my responsability to find holes and to stay aware of vulnerability.

[drew]

i figure if you can access the system then you must know what you're doing.
if you COULD cause damage, then why on earth would you come out and say "HERE IS WHAT THE PROBLMES IS AND THIS IS HOW TO FIX IT".
my advice, (it’s just my opinion).... if you do wish do let admin know what their security holes are do so anonymously at first, for you own safety.

[AciDriveHB]

yes but as was said before, wouldn't that be the perfect coverup? I mean if I hack the FBI, and just tell them the security flaws... I'd be in jail in like two seconds anyway. Why, because the fact remains that the person who let you know about those flaws might still have stole something... Payroll, banking information, etc. So you can't be all thankful that someone showed you the holes in your security and think it's no problem, beause unless they are already on payroll and working for you, it's still something to be scared of.

Plus it could even be a hacker bragging, "Hey you've got this problem, this problem, and this problem in your security structure" as he's thinking "wow, I just got myself a free trip around the world thanks to the payroll of this company, stupid f**kers".

I've seen it done before. Heck I've even helped someone I know hwo works for a bank try to find how tight his security is, and I was the guy trying ot hack in and find all the holes. I got people to believe I was a tech working for the bank, so they gave me security codes and stuff. But if I wasn't actually doing all that to help a friend, I could have gotten into some really nice stuff. That's what I'm talking about...