Re: Rate Stratfor's Incident Response

[Benjamin Kreuter <ben.kreuter () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, 12 Jan 2012 18:29:42 +0000
Giles Coochey <giles () coochey net> wrote:

> On 12/01/2012 18:12, Laurelai wrote:
> > My suggestion that they should hire these kids was meant to imply
> > that as bad as they are they probably are more ethical than the
> > people they are attacking since they aren't storing all sorts of
> > sensitive user data in plain text and telling people its all safe.
>
> Hell NO! Wouldn't trust anyone who broke into my company like that.
> If they contacted me I'd be straight onto law enforcement to report
> them for trying to blackmail me.
 
I am not sure it really counts as blackmail if someone says, "I just
downloaded these secret files from your computer system," unless they
follow up with, "If you do not pay me, I will release this to the
general public."  Frankly, someone who simply releases these documents
to the public is not nearly as unethical as someone who tries to
quietly sell the documents on the black market.  We should not be
making the mistake of thinking that someone who cracks a security
system without permission is necessarily evil or has evil intentions,
and the ethical violation is very minor.

Really, calling it "breaking in" is a stretch.  You connected a
computer to a publicly accessible computer network, where anyone can
send anything to your computer.  If hacking such a system is "breaking
in," you might as well claim that shouting across your neighbor's yard
is "breaking in."  The law is not going to stop the really bad people
from attacking your system, nor is it going to stop them from profiting
from whatever access they gain; sending law enforcement after someone
who reports problems to you accomplishes little and only discourages
people who might try to help you.

- -- Ben
 


- -- 
Benjamin R Kreuter
UVA Computer Science
brk7bx () virginia edu

- --

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBCgAGBQJPDz+ZAAoJEOV0+MnZK9ijLG4P/jzrPWpVe/UNPMEZDNEFGIS6
G+qumaR5t12YePhOxn1gZYiOor2PyWp/O3BYhOXqiu3yi74q9PVBroLjHWI+i3gd
kdTtEu7SjuxHdKnPRyeeXS9HghlYcGgXUOlnzeXn0+pPM+QeF17zjHSYGWa+PujR
sKJD13wKXjuokQxKM0hbsH4V+TkmTEiqVPQ+dJQMF0v2tT7wzoDQz7qI+Mku6BsL
Emtr9m4M9rV+1eS1cb982qOyC+xNrdmRwyFTACz8eW74ibzothtqlaVmc1fhg6Z0
Ue+xhleVAug2bNqNMTIvrHjSgmNbY+ZfknEdg3QCvKltOWcRMH7qJFcIlsHB3dCL
TyJEhbtq5uElgAPEfQdTKyxCf8pclzQ14bZDYgxAj7HP1HQFJ0FzgFf0vmZKuLDf
N641nxQq5j3fk4NekIn+b2//C+Ok/4/EhPugQZhKy49xccE1jKI+AXgQJD1ZT4OS
/KM7ai/0YLruTVPgznKZFDYrxypJt3wJugaurJz1GCXE7biOdh04/5zdbR2RmACk
XyOltAtVx2PQ5gQGCfd1yQz1H/Umgme+YgbzyINrL6a58QZJXXgY6ue803z5sbie
cn+O11QPvRmYOaDUeO2AxnKiejGKY0ggRFHWXizSnvvh6PZuZLkAvVfM8YYWTba6
ghSPa6H5eVunCImlBHGk
=rSlC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/