Bugtraq mailing list archives
Re: Vulnerabilites in new laws on computer hacking
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 15 Feb 2006 12:22:07 -0600
--On Saturday, February 11, 2006 16:35:20 +0000 self-destruction () itsbest com wrote:
That's silly. Researchers know full well how to do this without ever breaking any laws. In fact, most of the best researchers who are finding the bugs and weaknesses in systems never break in to any system not owned by them.

> It'd be interesting to see if this post gets approved by the moderators of bugtraq. As all of you know, this forum (bugtraq) is constantly monitored not only by crackers and infosec professionals, but also by government and law-enforcement agencies. The reason why I'm posting this message is because I'd like to bring attention to the new laws on hacking. As everyone knows, laws on computer hacking are getting tougher. There are, however, some negative consequences. "Advanced societies" are updating computer crime laws faster than the rest of the world. This means that new generations of these more "advanced societies" will have no clue about how remote computer attacks are carried out. Future generations of security "experts" will be among the most ignorant in the history of computer security.

> New generations of teenagers will be scared of doing online exploration. I'm not talking about damaging other companies' computer systems. I'm talking about accessing them illegally *without* revealing private information to the public or harming any data that has been accessed. To me, there is a big difference between these two types of attacks but I don't think that judges feel the same way. Furthermore, I don't even think that judges understand the difference.

To me there is not. They're my systems. Stay out, thank you very much.

If you want to learn how to hack, set up your own network, install some OSes, with various patch levels, and hack away. You can learn everything you need to know without ever touching a system you do not own. Get your buddies involved. Hack each other's boxes. But do not hack into systems that do not belong to you. That *should* be illegal and you *should* be prosecuted.

> Now, I'm not saying that I support accessing computer systems illegally.

Yes, you are. You're talking about breaking in to systems that you do not have permission to enter.

And you're wrong. I don't have to hack into someone else's equipment to know how to hack into things.

> All I'm saying is that by implementing very strict laws on "hacking", we will create a generation of ignorant security professionals. I think to myself, how the hell will these "more advanced societies" protect themselves against cyber attacks in the future?

That's because you have tunnel vision. You think the only way to learn to hack is to attempt to break in to someone else's equipment.

> These new tougher computer laws will, in my opinion, have a tremendous negative impact in the defense of these "advanced societies". It almost feels to me like we're destroying ourselves.

Do locksmiths break in to random houses to learn their craft?

Oh, well that gives me great comfort. Never mind that I can be prosecuted for the break-in because I've violated a law such as GLB, HIPAA, etc. by "allowing" a break-in. I'm glad your friends are so "ethical". If you only think about what's in it for you, you'll always be slanted toward violating the law. Try thinking about the poor victim whose systems you're breaking in to. Put yourself in their shoes and ask yourself, how would I feel if I discovered that someone had entered my systems without my knowledge? Or better yet, how about if I reach in your pocket and take the keys to your car, take it out for a spin, then return it? Are you OK with that? No hard feelings?

> I know what you're thinking. You can learn about security attacks by setting up your own controlled environment and attacking it yourself. Well, what I say is that this approach *does* certainly make you a better attacker, but nothing can be compared to attacking systems in real world scenarios. Now, I personally know many pentesters and I can say that most of them *do* cross the line sometimes when doing online exploration in their own free time. However, these guys would *never* harm anything or leak any sensitive information to the public. That's because they love what they do, and have very strong ethical values when it comes to privacy.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/