On 1/13/12 1:24 PM, Paul Schmehl wrote:
> --On January 13, 2012 12:03:22 PM -0500 Benjamin Kreuter
> <[email protected]> wrote:
>
>> On Fri, 13 Jan 2012 10:37:31 -0600
>> Paul Schmehl<[email protected]> wrote:
>>
>>> --On January 12, 2012 3:16:19 PM -0500 Benjamin Kreuter
>>> <[email protected]> wrote:
>>>
>>>> The law is not going to stop the really bad people
>>>> from attacking your system, nor is it going to stop them from
>>>> profiting from whatever access they gain; sending law enforcement
>>>> after someone who reports problems to you accomplishes little and
>>>> only discourages people who might try to help you.
>>>>
>>> Assuming everyone's motives are as pure as the driven snow is a bit
>>> naive, don't you think?
>> Are there lingering doubts about the motives of someone who is
>> reporting a vulnerability to you? They could have just profited from
>> their discovery and never bothered to tell you. In any case, what have
>> you accomplished by sending the cops after *someone who is helping you*?
>>
> Unless you're a complete fool, yes. You say you're helping me, but you
> broke in to my server. How do I know you didn't help yourself to a
> permanent back door?
>
> Again, it's naive to think that most people are motivated purely by a
> desire to help others, especially when they are actively intruding into
> other people's assets.
>
> YOU might say thank you, but I'll be taking the server offline, grabbing
> forensic images and rebuilding it long before I get around to saying thank
> you.
>
Well just remember they could have *not* told you and helped themselves
to a backdoor. If they wanted to door you they probably wouldn't have
told you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
