---- you wrote:
>
> Well, I suspect that the authorities might not interpret your probing a
> bank site as innocent, and how could you prove any different? Similarly if
> you walked into a brick and mortar bank without permission to check the
> security of their safe.
>
The legal authorities are not necessarily technically
literate. What we need are judgements based on the
ethics of technically competent people.
The Internet cannot survive without hackers. There
can be no defensive computer security unless the
people who build it are competent in every dirty trick
of computer intrusion. The art and science of computer
intrusion must be cultivated, since otherwise there
can be no defense against intrusion.
You might get your ethics from CERT, EPIC, CSRC,or any
number of standards. Rather than appealing to law,
I suggest we cite how the actions would be judged by
various competent technicians. I respect both l0pht
and the NSA, because both are technically comptetent
and have their own standards.
So I don't care what technically incompetent lawyers
might say: what do cutting-edge hackers and crackers
say? In no particular order, here are some people
who might have useful opinions:
Cult of the Dead Cow
l0pht
2600
HOPE
EPIC
CERT
NSA
FBI
Computer Professionals for Social Responsibility
Computer Security Resource Clearinghouse
Computer Security Institute
Applied Computer Security Associates
etc. I hope you get my point, which is: there are
numerous standards of right and wrong; we should
begin by considering
the standards of technically competent
individuals and groups.
-----------------------------------------------------
Get free personalized email at http://email.lycos.com
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
