-
October 25th, 2003, 12:05 AM
#11
Member
Originally posted here by Juridian
I don't think it was a good thing. I don't want strangers poking around my house and checking for ways in unless I explicitly hire someone to do it.
Also, doing such unauthorised and for the most part unsupervised checks on live 'production' systems is dangerous and depending on what he was doing could have cost them a lot more money than whatever damage to their business was done by him releasing his findings.
Pointing out blatant and obvious holes is one thing, doing a full fledged penetration test of a system you are not responsible or have permission for is another.
There is a smarter way to do what he did, one that doesn't end in feds and jail/probation time.
I agree....Lamo screwed up here. You ASK first and THEN when you have the paperwork in hand you test, NOT the other way around.
-
October 25th, 2003, 01:36 AM
#12
I half messed up like this, but not nearly this big. Point being, he made a mistake, but he did save companies money and probably lots of it. Give him probation, or some force deal so he works for a few months/years under supervision doing authorized intrusion testing, and let bygones be bygones.
-JESSUS IS COMING!!! QUICK EVERYBODY LOOK BUSY!!!!!-
-
October 25th, 2003, 07:49 AM
#13
I personally think that it's a wake up call for some of these companies. To actually try and secure their systems. Maybe they should take more responsibility for being so careless.
NY Times got defaced before by a hacker group calling themselves "Hacking For Girlies"
I guess that some companies just never learn. Maybe having to make a pure embarrassment is the only way that will get them to actually act. Which probably still never works.
Lamo NY Times hacked:
--found seven misconfigured proxy servers that served as doorways between the Internet and the company's private intranet.
--Once he got in, Lamo breached weaknesses in the password policies of the New York Times to expand his access to a database of op-ed contributors, which included social security numbers of people like former U.N. weapons inspector Richard Butler, former Clinton aide James Carville, radio personality Rush Limbaugh, Microsoft kingpin Bill Gates, and New York City mayor Mike Bloomberg.
Come on you would think that at least info like this would have been encrypted at least. But I guess that NY Times got lazy and that's why they got hacked.
They got money, they just need to take more time to secure their network so things like this don't happen.
-
October 25th, 2003, 09:43 AM
#14
In my own point of view I absolutely agree on what you said. I think it is his capabilities or ability that scares the feds. I haven't heard of any damages he had done...... don't know about what is happening when he's pointing out bugs and helping others, maybe his real intention is to help ..... but others take it as a serious threat. Okay, this is my own opinion, hope others will not be offended.
-
October 25th, 2003, 06:11 PM
#15
I think you overestimate the effect his actions had in the world. Most people don't care about him, or what he did, except those directly involved and the people who frequent sites like this (which in the greater picture, doesn't amount to a whole lot). Most of these companies that are currently putting out poor code will continue to do so because this won't make a big enough (or any) dent in their bottom line to actually provoke some kind of action. A few might...
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
October 25th, 2003, 10:56 PM
#16
Originally posted here by Tiger Shark
Heretic: Fair comment, well taken..... Let's go a little further....... 
My bank begs me to online bank with them...... Why? Because I will reduce their cost by using their computers rather than their people. That's fine, but as a security minded, computer savvy chap I want to see whether their system is up to par..... So I mess with it for a short while and find a hole...... Now, their logs show my "unusual requests".... What do I do? I've been with the bank for years, I have my mortgage with them at a rate I can't beat.... Do I tell them with the evidence of my "hacking" in their hands if they decide to look or do I refuse the online banking..... which might make no difference to my security because someone might be able to access my account even though I chose not to accept the online offer? I can't change banks because my mortgage will go up $100/month, but I can't show them their hole.... Aren't I screwed?
If I find a hole in someone's system I _should_ be able to report it to them without fear of retribution, period. If it is determined that I broke the law in the process, (transferring money for example), then that is prosecutable. If the "cost" to the institution is fixing their messed up system then that is part of their cost of doing business in this world.... If they can't hack it then get the hell out of the fire...... If I did nothing to harm anyone else, other than maybe damage the reputation of the institution then there is no harm done..... The image of the institution was in their hands by spending the money to ensure that their system matched their reputation..... If they fail to manage their reputation properly online then they need to reassess their online presence.......
Bottom line: Potentially expose individual's data to the world..... You'd better make sure you are secure...... If you do not secure the data properly, STFU, and fix it or lose your customer base to a company that does......
How hard is that to understand?
What I would suggest in this situation is that you contact the bank and just tell the truth. You wanted to feel comfortable with being a customer, so you did some harmless poking around to make sure it was secure. Then if you actually find a hole, ask them to please fix it so that you will feel secure with your account there. And keep this all private. There's always going to be a risk that they will get mad and try and bring up a case against you. If they do there is probably a chance they would win too. Maybe you could talk to someone about their security before you do any poking, and even ask if you can perform some tests to make sure they're secure. And get it on tape too. Basically, no matter what you do there is going to be some risk, so just be smart.
-
October 26th, 2003, 03:20 PM
#17
Senior Member
Juridian,
I understand that you wouldn't want someone poking around your home network looking for weaknesses, but the companies that you put your trust in have to exercise Due Care in protecting your information. Most of these companies only care about making or saving money. It is a fact of life. Hopefully it will be a wake up call for these companies. I believe they have cut corners for too long.