Re: Ethical hacking

From: Ross (Ross_at_SingingFrog.com)
Date: 06/26/05 

Date: Sun, 26 Jun 2005 11:21:46 -0500

Jim Watt pulled a bright blue crayon out of the box and scribbled this in
news:te6tb1t72pqkqqe1gaoj810iftn81p68ta@4ax.com:

> On Sun, 26 Jun 2005 11:57:53 GMT, "rm-rf" <decoy4000@yahoo.com> wrote:
>
>>Why the hesitation to help?
>
> This is a security group rather than a hacker group, its
> rather like asking the police the best way of burgling
> someones home, they may know but they might be
> suspicious of your intent.

If someone doesn't attempt to break home security systems using the
techniques of a burglar, then the testing is incomplete. Knowledge of the
techniques leads to a higher level of awareness and competancy in those who
want to protect themselves.
 
> Hacking, as its generally understood to mean computer
> access without the authority of the user, is abuse, and is
> simply not ethical.

That is a narrow definition. It is assumes that hacking necessarily
include systems to which the hacker has no authorization.

A description I like is "You don't learn to hack, you hack to learn."

That said, "learning" on a system on which you have no authorization is
unethical. It is not an issue of the techniques, but the application of
those techiniques to certain (most) systems.
 
> Its also illegal in some jurisdictions.

Indeed.

Running ping sweeps on a kerberos server at work is not a path to job
security (unless, of course, you are specifically authorized to do so).

The best way to "learn" is to do so on a network isolated from any other --
fortunately, reasonably good hardware is readily available these days.

R. 

-- 
Go not to Usenet for counsel, for they will say both yes and no.