Penetration Testing mailing list archives

Re: RE: Informing Companies about security vulnerabilities...


From: v0083mw02 () sneakemail com
Date: 6 Oct 2006 13:38:36 -0000

        It seems to me that every time a subject like this is broached there is always the question or response of, "is 
it ethical to do?"  I broach to you all the fact that we are here to perform a service.  A service that was taught to 
us and our mentors by individuals who created what is known as HACKING.  Do you think of yourself so highly to believe 
the skills that you have learned were created for legal purposes?  So to those of you who believe that what you have 
learned either in a class or on your own, I call upon you the BS flag.  In my years of doing security, most of what I 
have learned and understood has been off of the efforts of those before me as well as hands on.  This taught me my 
abilities to be who I am today...
        What would the world be without people like Kevin Mitnick, now the world's number 1 leading security expert?  Or 
the Frank Abagnales working with the FBI?  Criminals keeping the world safe.  What hypocrites!
        Yet we rebound to our statements, "is it ethical?"  Who creates ethics?  Who drives ethics?  If I can save 
someone from being run over by a bus do I do so?  As a human being with emotions I jump and save that person because I 
know I must.  But do I save someone's business from being taken over and misused for all its worth, owww nooooo that 
would be ethically wrong.
        I too have reported sites with vulnerabilities in my daily affairs because I have happened upon them.  What 
they do after I report it is none of my business.  But ethically I have performed my job.  Ethically.  You... You who 
think you are so much better to be paid for your abilities than to offer them freely... you do not have the capability 
to understand what the hacker's creed is all about.  You are just a businessman, out for your own, getting yours, and 
moving on.  I ask you, does the stock market care about your ethics, does the government care about your ethics, does 
your bank care about your ethics?  Because someone has just reported a vulnerability to them about their systems and 
your account resides on it as well, and they did nothing!
        We are professionals! Act responsibly, act sensibly, and always provide assistance to those who need it most.  
Not superheroes, just professionals!

Kawika Takayama
CISSP, IAM/IEM, CEH, blah blah blah

We should be taught not to wait for inspiration to start a thing. Action always generates inspiration. Inspiration 
seldom generates action.
  - Frank Tibolt
