Hacking in good faith is OK,"wardriving' in texas will earn fatal injection.
Matthew X
profrv at nex.net.au
Wed Apr 21 18:32:58 PDT 1999
By D. IAN HOPPER, AP Technology Writer
LAS VEGAS (August 1, 2002 2:40 p.m. EDT) - A presidential adviser
encouraged the nation's top computer security professionals and hackers
Wednesday to try to break computer programs, but said they might need
protection from the legal wrath of software makers.
Richard Clarke, President Bush's computer security advisor, told hackers at
the Black Hat conference that most security holes in software are not found
by the software maker.
"Some of us, here in this room, have an obligation to find the
vulnerabilities," Clarke said.
Clarke said the hackers should be responsible about reporting the
programming mistakes. A hacker should contact the software maker first, he
said, then go to the government if the software maker doesn't respond soon.
Hackers commonly share their findings with others in their community
through e-mail lists or Web sites. But how much they should disclose is an
ongoing debate among computer security professionals. Some argue that full
disclosure is best, while others say a hacker should only warn that a
problem exists without showing how to take advantage of it.
Clarke said hackers shouldn't help criminals by showing how to exploit a
programming bug before the software maker has a chance to fix the problem
by issuing a patch, or fix.
"It's irresponsible and sometimes extremely damaging to release information
before the patch is out," Clarke said.
Companies differ in their response to independent researchers. While some
encourage or even reward bug-hunters, others are more concerned about the
possibility of extortion or embarrassment to the company. In some
instances, they seek civil or criminal charges against the hacker.
Clarke said that situation is "very disappointing," as long as the hacker
acts in good faith.
"If there are legal protections they don't have that they need, we need to
look at that," he said.
http://www.nando.net/technology/story/484376p-3867743c.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2413 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/19990421/52056505/attachment.txt>
More information about the Testlist
mailing list