Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing (ethics)
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Thu, 19 Jun 2008 08:59:00 -0700
Dean,
scam. I am curious to hear what others think of using "deception" to educate.
Discussion about people being fooled is one way to express ethical concerns. One could also look at abuse of power/entrapment/etc, in terms of using your insider knowledge to target and exploit users. While the intent is good (exploit users in order to educate them), one could have a debate about the relationship of means and ends. There is plenty of room for debate on ethical issues. Personally, I believe that the means must coincide with the desired ends, and that using methods that you seek to prevent is a misalignment of objectives. Specifically, while using methods to test/identify vulnerabilities is acceptable, in this case, we already know the vulnerability. Thus, I think a somewhat fair analogy/moral equivalent is hacking into someone's server in order to tell them their server is vulnerable and should be fixed. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Re: FYI: Another round of spear Phishing (ethics) Basgen, Brian (Jun 19)
- <Possible follow-ups>
- Re: FYI: Another round of spear Phishing (ethics) Sheri J Thompson (Jun 19)
- Re: FYI: Another round of spear Phishing (ethics) Bob Bayn (Jun 19)