robison@eosp1.UUCP (Tobias D. Robison) (05/07/84)
References: Hackers can provide a service to system vendors by demonstrating their vulnerability to penetration. This sort of service is similar, I think, to providing "protection" on the streets, but here's how it might be done honestly: (1) A hacker contacts a company and explicitly proposes to break into their system to demonstrate its security weaknesses. (2) The company accepts (if they don't, the hacker should try elsewhere), and agrees that if the hacker places a file on their system in a specified place, containing specified data, that they will then pay him such and such... The hacker also agrees to provide a record of all his actions on the system, once he has broken in. (3) The hacker and company sign an appropriate contract protecting their respective proprietary interests. (4) Good luck to the hacker. If he breaks in, of course he does no damage, but simply fulfills the contract. A hacker who is willing to make such a contract has protected both himself and his "victim", but he can still have all the fun AND earn money. I can see only two things to keep this sort of thing from catching on: - Most companies would like to know and trust the fellow who is trying to break in. - I don't really believe that hackers breakin to systems to cause no damage and to use up none of the victim's resources. I think contracts such as I have suggested would not satisfy their lust for aggressio and free computer services. - Toby Robison (not Robinson!) allegra!eosp1!robison decvax!ittvax!eosp1!robison princeton!eosp1!robison
ix21@sdccs6.UUCP (David Whiteman) (05/08/84)
All these articles about hackers' contracts with system vendors remind me of a newspaper story I read a few years ago. The article was about the first automatic bank teller machines. Apparently an executive of Chase Manhattan did not trust the ATMs when he first heard about them. So he had one set up in either Caltech or MIT and offered a prize to the first student who could break into the machine. The student who did was from Berkeley; he stated he used the same methos he used in breaking into the BART system.