Re: FYI: Another round of spear Phishing (ethics)

["Basgen, Brian" <bbasgen () PIMA EDU>]

Dean,

> scam.  I am curious to hear what others think of using "deception" to
> educate.

 Discussion about people being fooled is one way to express ethical
concerns. One could also look at abuse of power/entrapment/etc, in terms
of using your insider knowledge to target and exploit users. While the
intent is good (exploit users in order to educate them), one could have
a debate about the relationship of means and ends. 

 There is plenty of room for debate on ethical issues. Personally, I
believe that the means must coincide with the desired ends, and that
using methods that you seek to prevent is a misalignment of objectives.
Specifically, while using methods to test/identify vulnerabilities is
acceptable, in this case, we already know the vulnerability. Thus, I
think a somewhat fair analogy/moral equivalent is hacking into someone's
server in order to tell them their server is vulnerable and should be
fixed. 

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College