Re: RE: Informing Companies about security vulnerabilities...

From: v0083mw02@sneakemail.com
Date: Fri Oct 06 2006 - 09:38:36 EDT


('binary' encoding is not supported, stored as-is)         It seems to me that every time a subject like this is broached there is always the question or response of, "is it ethical to do?" I broach to you all the fact that we are here to perform a service. A service that was taught to us and our mentors by individuals who created what is known as HACKING. Do you think of yourself so highly to believe the skills that you have learned were created for legal purposes? So to those of you whom believe that what you have learned either in a class or on your own, I call upon you the BS flag. In my years of doing security, most of what I have learned and understood has been off of the efforts of those before me as well as hands on. This taught me my abilities to be who I am today...
        What would the world be without people like Kevin Mitnick now the worlds number 1 leading security expert? Or the Frank Abignales' working with the FBI? Criminals keeping the world safe. What Hippocrates!
        Yet we rebound to our statements, "is it ethical?" Who creates ethics? Who drives ethics? If I can save someone from being run over by a bus do I do so? As a human being with emotions I jump and save that person because I know I must. But do I save someone's business from being taken over and misused for all its worth, owww nooooo that would be ethically wrong.
        I too have reported sites with vulnerabilities in my daily affairs because I have happened upon them. What they do after I report it is none of my business. But ethically I have performed my job. Ethically. You... You who thinks you are so much better to be paid for your abilities then to offer them freely... you do not have the capability to understand what the hackers creed is all about. You are just a business man, out for your own, getting yours, and moving on. I ask you, does the stock market care about your ethics, does the government care about your ethics, does your bank care about your ethics? Because someone has just reported a vulnerability to them about their systems and your account resides on it as well, and they did nothing!
        We are professionals! Act responsibly, act sensibly, and always provide assistance to those who need it most. Not superhero's, just professionals!

Kawika Takayama
CISSP, IAM/IEM, CEH, blah blah blah

We should be taught not to wait for inspiration to start a thing. Action always generates inspiration. Inspiration seldom generates action.
  - Frank Tibolt

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:08 EDT