If I saw a stranger walk up to my house and try the doorknob, I wouldn't be
comfortable with it. When he sees me walking up and then tells me he was
only checking the security of my home because he was concerned about my best
interest, I still wouldn't be comfortable. How do I know he was only
checking my door and wasn't trying to break in? By first impression, it
sure looks like he's trying to gain unauthorized access to my home.
Or, if the stranger tried the doorknob while I wasn't around, and then sent
me a letter in the mail telling me he did so, I would still feel
uncomfortable. I would realize he had good intentions, but I'd be more
comfortable with no one checking the security of my home unless I asked them
to do so. If he continued to do so afterward, I'd call the police.
Regardless of his intentions not being criminal, I just plain would be
uncomfortable and would prefer he stop.
When you check your neighbor's doors when they're on vacation, I presume
they asked you to do so. I don't want anyone checking my doors unless I ask
them to.
> -----Original Message-----
> From: Bill Stackpole [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, July 20, 1999 11:33 AM
> Cc: [EMAIL PROTECTED]
> Subject: RE: Response to hack attempt? - The ethics of rattling door
> knobs .
>
> Just curious what other think about the rattling door knobs question. Is
> it
> wrong to probe a system for security flaws if you have no evil intent? I
> check my neighbor's doors when they are on vacation to make sure no one
> has
> broken in, look in the windows to make sure everything is normal. Does
> that
> make me a criminal? I doubt it.
>
> Over the years, I've called many a company to inform them of potential
> security risks I have observed. Some have come to me in the mail, some as
> extraneous packets on my Internet connection and others as the result of
> my
> testing the effectiveness of certain security tools.
>
> I do such things to help people build more secure systems. I'm interested
> in what others think about the ethics or criminality of such conduct.
>
> Your comments.
>
>
>
>
> > -----Original Message-----
> > From: Rabid Wombat [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, July 19, 1999 6:45 PM
> > To: Bill Stackpole
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Response to hack attempt?
> >
> >
> > This is why setting up a "bait" system with a chroot "jail" is a good
> > idea. If you can't nail them for probing, you get a chance to nail them
> > for hacking into the (deliberately weakened) system, and have logs to
> show
> > what they try to do from there. Probing may be akin to rattling the
> > doornob to see if it's locked, but hacking the bait system is B&E.
> >
> > -r.w.
> >
> >
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
