Not to mention the fact that you don't actually have to utilize a
vulnerability to know that it is there. Vulnerabilities all have signatures
or characteristics that make them visible without doing anything illegal at
all, unless you want to argue that having your router route traffic to the
machine in question constitutes improper use of your private property.
Anyway, there are numerous tools out there that will not only scan a machine
for vulnerabilities and report back what they are, but also how they work,
and how they can be fixed. In my opinion, this is like driving by a house
with all the doors wide open and then leaving a note saying, "Hey, <silly
person>! You left your doors wide open." As long as they don't take your TV
or tell their friend to do so, nothing has changed. I feel that a lot of the
anger and rant following this sort of thing stems from pure embarrassment.
Get over it and learn to tighten up the ship. If it's that critical, it
shouldn't be scannable to begin with.

Regards,
Steve

-----Original Message-----
From: Tim Lieberman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 05, 2000 7:39 AM
To: [EMAIL PROTECTED]
Subject: RE: Security holes revisited -- reward offered

It's only extortion if there's a threat implied.
Think of it this way:
1) If there is an exploitable hole, your box is insecure.
2) Assuming I don't cause any damage[*], all I'm doing is
alerting you to a security problem.
It's not really ethical to do this, but it's not extortion either. It's
more like a locksmith walking into your locked office at night, and leaving
a note that says: "Your locks suck - I was able to pick them in under 30
seconds. Call me at <number> and we'll talk about getting you some real
security".
Yes, he was trespassing, but it's not extortion. Some might call it
"breaking and entering", but assuming the lock still functions (in what is
now recognized as a limited capacity), I wouldn't agree with the "breaking"
part.
Extortion would be, for example, if I hacked your box, deleted some
unimportant data, and said that if I didn't get paid, I'd come back and
delete some important stuff.
[*] Some companies try to claim that someone breaking their security causes
damage in the form of losses to upgrade/update/fix their security. This is
a fallacy; the hole was there before the 'hacker' exploited/called
attention to it.
At 06:15 PM 00/04/05 -0400, you wrote:
>Gee, sounds like a classic mafia protection racket. Pay us or your business
>will suddenly have some broken windows. Most places call this extortion.
>
> - Steve
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk