Hacking in good faith is OK,"wardriving' in texas will earn fatal injection.

Matthew X profrv at nex.net.au
Wed Apr 21 18:32:58 PDT 1999


By D. IAN HOPPER, AP Technology Writer

LAS VEGAS (August 1, 2002 2:40 p.m. EDT) - A presidential adviser 
encouraged the nation's top computer security professionals and hackers 
Wednesday to try to break computer programs, but said they might need 
protection from the legal wrath of software makers.

Richard Clarke, President Bush's computer security advisor, told hackers at 
the Black Hat conference that most security holes in software are not found 
by the software maker.

"Some of us, here in this room, have an obligation to find the 
vulnerabilities," Clarke said.

Clarke said the hackers should be responsible about reporting the 
programming mistakes. A hacker should contact the software maker first, he 
said, then go to the government if the software maker doesn't respond soon.

Hackers commonly share their findings with others in their community 
through e-mail lists or Web sites. But how much they should disclose is an 
ongoing debate among computer security professionals. Some argue that full 
disclosure is best, while others say a hacker should only warn that a 
problem exists without showing how to take advantage of it.

Clarke said hackers shouldn't help criminals by showing how to exploit a 
programming bug before the software maker has a chance to fix the problem 
by issuing a patch, or fix.

"It's irresponsible and sometimes extremely damaging to release information 
before the patch is out," Clarke said.

Companies differ in their response to independent researchers. While some 
encourage or even reward bug-hunters, others are more concerned about the 
possibility of extortion or embarrassment to the company. In some 
instances, they seek civil or criminal charges against the hacker.

Clarke said that situation is "very disappointing," as long as the hacker 
acts in good faith.

"If there are legal protections they don't have that they need, we need to 
look at that," he said.
http://www.nando.net/technology/story/484376p-3867743c.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2413 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19990421/52056505/attachment.txt>


More information about the cypherpunks-legacy mailing list