theo.bbs@shark.cs.fau.edu (Theo Heavey) (05/08/91)
Hi there --- I was interested in opinions about the contents of the Hacking Issue (I think it was March)? Is the cracker (aka dark side hacker) the antithesis of a programmer? Does every access to a system need to be monitored? Why cut off my resources to protect me? my university? my work? Who should pay if someone gets into a "sensitive" system? The programmer who developed the software? the sys admin? the "cracker" that may have stumbled into the system by "accident"? When is a prank a felony? I am interested in all opinions (gotta get a new flame suit though ;-) ) Theo Heavey Florida Atlantic University theo@cs.fau.edu
rothstei@mcs.kent.edu (Michael Rothstein) (05/09/91)
In article <sHyL21w163w@shark.cs.fau.edu> theo.bbs@shark.cs.fau.edu (Theo Heavey) writes: >Hi there --- > >I was interested in opinions about the contents of the Hacking >Issue (I think it was March)? March it was, all right. > >Is the cracker (aka dark side hacker) the antithesis of a programmer? I could just ask you to explain your terms: instead, what I will do is give you my views of cracking: cracking access to system is an ethical nono, just like break-and-entering, IMO: _A_PERSON_SHOULD_ONLY_ATTEMPT_TO_LOGIN_ _TO_A_SYSTEM_WHEN_HE/SHE_HAS_BEEN_AUTHORIZED_TO_DO_SO_. Anything else is unethical/illegal behavior and should be punished! Access to a person's/ company's computer should be as restricted as access to a person's/company's private property aka real estate. If you are talking about cracking program copy protections, FOR YOUR OWN USE, that is legit: the minute you use that to produce copies that may run on two different computers simultaneously, you are in trouble for copyright violation and/or licensing violations. > >Does every access to a system need to be monitored? No, however, reasonable cause for monitoring access to a system may exist, just as there is sometimes reasonable cause to tap phone conversations under certain circumstances. > >Why cut off my resources to protect me? my university? my work? Who is cutting off resources? Unless you are talking about using some resources to prevent crackers to enter a system: it is similar to requiring you to use a key to enter a building: though I am no lawyer, the principle here is that if you break the security in order to enter, it will be easier to prove that a felony was committed (namely breaking and entering!) As to why, here are two possible scenarios: a) A student who has his term project due (say a compiler, for concreteness) gives the finishing touches in his final 30-hour session and finishes a whole _seven_hours_ before the project is due: satisfied, he goes to sleep in his dorm after deciding to go to the dept to pick up his printout shortly before due time: while he sleeps, the cleaning crew arrives, thinking that his output (which had been dropped on the floor by another user) was trashed, junked it. Our student comes in in the morning, discovers that his output is gone, logs in to his system, has some difficluties because a cracker cracked his account, wiped out all his files and changed his password. As the student: would you be happy after having lost the result of those final 30 hours of work? In answer to your question below, notice it COULD have been a prank!!! ;-) b) How about a cracker stealing the code somebody is working on and selling it himself? (Say a new super-duper game that took years to design and get working right). > >Who should pay if someone gets into a "sensitive" system? The programmer >who developed the software? the sys admin? the "cracker" that may >have stumbled into the system by "accident"? I'll leave that one up to the lawyers: however, ``stumbling into a system by accident'' is a very rare occurrence IMO, and even rarer, if you have some ethics, is staying around to get some info. > >When is a prank a felony? Any time there is damage to limb or property _HOWEVER_MINOR_. > >I am interested in all opinions (gotta get a new flame suit though ;-) ) Guess I will need a flame suit also ;-). > >Theo Heavey >Florida Atlantic University >theo@cs.fau.edu -- Michael Rothstein (Kent State U)| If cars want to kill themselves, (rothstei@cs.kent.edu) | that's their problem: what I can't | understand is why they keep doing it (std. disclaimer) | with people inside. (Mafalda (Quino))