Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hacking 2

Status
Not open for further replies.

Rish21

MIS
Aug 20, 2001
2
AU
Hi,

Reading through various articles on Hacking attempts I came across
instances when hacking was termed as ethical. I would like comments on
when is hacking considered ethical and when it is unethical.

Rishabh
 
Ethical when things are fixed, improved, or tested to make sure they work.
Unethical when things are destroyed or changed to show shortcomings.
Also is related to motivation and what is done with the results.
Hacking SE ,for example, to fix the shutdown problem and publishing the hack would be an example of an ethical hack.
Hacking a browser download site to insert a backdoor program would be an unethical hack. Ed Fair
efair@atlnet.com

Any advice I give is my best judgement based on my interpretation of the facts you supply.

Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.

 
What do you think Rish21?Is Ed Fair right? Sleew
Compaq & Microsoft TS
sleew@infosky.net
 
Hacking in anyform according to me is unethical.
Does a plumber breaking into a house and fixing a faulty faucet sound ethical? Surely when a plumber fixes a fault he does it by prior permission. (more over he is requested to come and fix it).

If a person wants to test a software or something it makes more sense to get permission to do it before he embarks onto it.

"Hacking SE" ...what does this term mean? But from my understanding,I would say, as for publishing hacks I think it is totally unethical as it may act as a source for causing harm by hackers with not so good intentions. Any findings should be only for the owner of the product, and he may decide what he wants to do with it.

Rish21
(Student IM/IS)
 
If a plumber sees water coming out my basement door I sure wouldn't consider it unethical for him to fix it, or at least close the main cutoff.
Hacking SE refers to Microsoft Windows98 Second edition which has a notorious problem. A problem that Microsoft can't resolve, or hasn't resolved.
I understand your feelings. When you get to the real world and find the software and hardware that is pushed on people and companies I think your ethical standards will be interpreted a little differently.
My ethical standards have been shaped by 40 years of having to make things work because companies supply equipment that is defective, not reliable, or programmed in such a way that it fails. If it takes a hack, I hack. If the company has a suggestion program I use it. If not I tell them other ways. If they ignore the problem, it's their problem. Ed Fair
efair@atlnet.com

Any advice I give is my best judgement based on my interpretation of the facts you supply.

Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.

 
What you guys are talking about is two different forms of hacking.

Code Hacking one thing, if you are a programmer, you do it all the time, even if you don't call it that.

Hacking computers is another, some companies hire hackers to test the security on their network, other people hack for the challenge but don't touch anything. Commonly if a person hacks into something to cause damage, the person is called a Cracker. You should define what form of hacker you are talking about before asking if it is ethical or not. Code hackers are fine if the code they are modifying is available to then legally. Hacking computers without permission of the owner is wrong all the time, even if it is to fix a security hole. Mike Wills
RPG Programmer

"I am bad at math because God forgot to include math.h into my programming!"

Please let us (Tek-Tips members) know if the solutions I provide are helpful to you. Not only do my posts help you but they may help others.
 
I agree with Koldark.

I'll carry it one step further and say Cracking is wrong and should only be used to further the cause of the Revolution and New World Order.

Strength and Honor,
Live Free Or Die

pivan In not now, when?
If not here, where?
If not us, who?

Just do it!!
 
Pivan,

I agree with you partially, and with Koldark's analysis completely.

Cracking is wrong. No ifs, ands, or buts.

That's why I disagree with your "should only be used" phrase. If something is wrong, it's wrong, and no amount of pressure makes it right.

The ends do *not* justify the means.

I like Ed's analogy of the plumber fixing a major problem. We can argue about what levels he should go to (break a window? break down a door?), but he is a specialist with a certain responsibility to society at large.

There are "Good Samaritan" laws that have been passed in the US, stating that if a person helps out at an accident scene, they are immune from lawsuits. I believe that this is intended to cover random occurrences (driving down the street, riding on a plane, etc.) and not ambulance personnel and the like.

There is (currently) no similar law regarding hacking, because the lawsuit mania has not hit the software world in this regard.

But it could. If Ed discovered a way to let Win98 SE shut down correctly (something MS did not completely do), and he published it, MS might be able to pull a clause from their license and go after him.

His only "error" would have been in helping people do what they thought they could do when they bought the software.

But here's a slippery slope, too -- deciding what the people want. I can see that you could make the argument that the Revolution is what the people want, and need -- they just don't know it yet.

Difficult issue.

Steve
 
let me play devil advicate here to for an example on craking a guy named bob rights code red now Certs gets a copy and "CRACKS" it so they can see how it work so they can stop it. Is this wrong NO

Now companyA puts out a program lets call it websever ok over on the eastern sea board of the USA an electric company has an IT guy working for them who just got fired and on craking on his own time found a hole with ida packets and websever so he lets a porgram go that just effects this electric company the company calls companyA they fix the porblem but does not tell anyone there is a problem so a few month later someone(person1) else find out and tell the world now companyA makes a fix but someone(person2) was already made a virus that uses this hole to slow down the hole net and even geting root access to a machine to such a piont the government says sothing about it. now who is worng? everyone? So long and thanks for all the fish.
 
Hi ALL,
My concerns are related to HACKING i consider that some forms of HACKING is ETHICAL, as not hackers have malicious intents, also they help to FIX the loop holes of any system
aslo there are some ethics associated with HACKING, well if anyone could guess what they are? Kindly let us know
Regards,
haseeb
 
Hi,
Since the devil never has enough advocates -
Have you all heard about Adrian Lamo, who has discovered major holes in AT&T WorldNet, Excite@Home (when they were still up), Yahoo News, and many other major organizations? And in every case he has gone on to help the companies close the holes, and (assuming you believe the reports) at no point has he used the hacks for personal gain. Can it be unethical when your "victim" thanks you for what you've done and is considerably better off (by theirs, yours, and the public's judgement) after the dust settles?

Also, if you're going to term all hacking bad, we have to think of a new term for "white-hat hackers" since some of them are not hacking boxes they don't own.

-Steve
 
I think we all agree that CRACKING is unethical, since it requires malicious intent.

Hacking on systems you have legal and rightful access to (i.e. hacking your own website to find holes) is also pretty much accepted as ethical.

Now, as for hacking (non-malicious) systems/programs that you do not have legal or rightful access to is where we get into the grey area.

A few points to ponder...

1) Computer Security is a SERIOUS shortcoming in the I.T. world. Techs/Engineers know this, but can't get the funding they need for new training/equipment to fix the problems.

2) Most engineers are happy to receive confidential reports from anonymous hackers about security holes. Managers, however, are never happy to hear about security holes, but won't do anything on the front end to prevent them (see funding problem above)

3) Most fixes that Microsoft and others make available for their software come from problems reported by hackers.

4) Here's the good one. The courts (U.S. - Vary from state to state) have upheld time and again that if someone broadcasts a signal (radio, cordless phone, police radar, etc.) into public domain, then any person may receive those signals so long as the device used to receive does not interfere with the signal.

Is the Internet public domain? Yes in the sense that most persons in the developed world have access to it, no in the sense that nobody owns the air used for radio, but someone (telcos) does own the fiber/copper networks of the Internet.

If the Internet is indeed public domain, then any device connected to it (firewalls and anything outside a firewall) should be considered 'available' by hackers and a 'risk' by management.

Now, let me destroy my own argument. It is illeagal to tap a phone conversation if it's on a wire, but not if it's a wireless broadcast...Does this exclude the Internet from being Public Domain except for where wireless links are used? If so, then hacking in any sense that is not first condoned by the equipments' owner is illeagal (except for wireless) and is a trespass on private property (in a virtual sense). Monkeylizard
-Isaiah 35-
 
If you break into my house in the middle of the night, don't touch anything (this is extremely hypothetical because at this point my dobermans have you crying in the corner) and walk up to my bedroom to tell me that I need to buy stronger locks have you performed an ethical act? No, and the same holds true if you hack into my phone system to let me know I need to delete some defaults and I shouldn't have remote access enabled without barrier codes. Now, if I ask someone to find security breaches that's great, no problem, hack all day long and good luck to you but if I haven't asked and I find you in there I'm going to prosecute. I work on phones predominantly so the environment is a little different but I work hard to make my system impregnable. I don't need some teenager with too much free time hacking in to tell me how to do my job and it makes me sick that the likes of Yahoo, AT&T and Microsoft do need that.
 
My 2 cents: Legal and ethical are two completely unrealted areas. Legal is whatever the law allows, period. Ethical - if you own it do what you want. If you don't own it and haven't been specifically asked to mess with it, leave it alone. Period.

If there were no criminals we wouldn't need to lock our doors. Messing with someone else's systems unsolicited in the name of "helping" them, is not the behavior of a responsible adult.
Jeff
I haven't lost my mind - I know it's backed up on tape somewhere ....
 
thats a very strange way to look at ethical I always thought that ethical was just another way to say is it right we do a lot of thing to help out one another in life that we where not asked to do and we don't own. so is hacking right just like everything it can be or it can not be its a tool like a saw used right it makes great art out of would used wrong it can kill someone. gunthnp
Have you ever woken up and realized you where not alive.
 
That's a wonderful example with the saw but to reiterate, I don't care how beautiful or useful a structure you make out of the two hundred year old oak in my backyard, if I didn't ask you to do it then your use of that tool is illegal. No question about it, I will prosecute you and keep whatever you made because you made it of materials in my possession. That also holds for my intellectual property not freely given as far as I'm concerned.

In terms of systems in my possession, what need do I have to hack into them, they are in my possession. If I needed them to do something that they are incapable of and the only way is to rewrite proprietary code I should have done more shopping before I purchased.
 
On the other hand, if you're a doctor and you can tell that someone is suffering from an illness and they don't appear to be aware of it, is it ethical for you to point it out to them?
 
Here's a scenario, I don't know if this applies to every state, but to the best of my knowledge is still does in Minnesota: You see a car wreck and stop to help. You try to perform CPR but do it incorrectly and break ribs. The victim can turn around and sue you, even though your only intention was to help.

Disrupting someone's business in the name of helping them is not acceptable at any time. Whatever risks a business is running is their own business, not some hacker's. If you disrupt a business you are causing the very same damage you a supposedly trying to help them avoid.

I wish TCP/IP were fully traceable so these misguided souls who write worms and virusus and deface sites were findable. Also, once they are found they need to be held financially liable for every penny of disruption they caused. In other words, someone releases a worm and causes 10 million dollars of damage, they are fined 10 million dollars. Poor for life. If real penalties were laid out, it might discourage such activities.

Like maxg, as a business person, I do NOT want hacker "help".

Jeff
I haven't lost my mind - I know it's backed up on tape somewhere ....
 
Many states now have "Good Samaritan" laws protecting those who do try to help in the circumstance you laid out. Aside from which, the victim would have to survive to sue, right? :)

Given that the USA-PATRIOT Act lumps 90% of hacking/website defacement/etc into "terrorist acts" I think your wish has come true; now someone that hacks a website can spend 20 years in jail.

I don't want hacker "help" either if it's destructive, and I can't imagine why anyone would. OTOH, if they operate like Adrian Lamo, I don't think I'd be inclined to press charges.
-Steve
 
True, it's not the greatest example. Just trying to get at varying degrees of "help". Any unsolicited disruption, no matter how slight, should be punishable, no matter what the intent was. The kids that want to play should get Xboxes and Playstations and leave the Internet to the adults.

I don't need others pushing me aside to "help" me with my job, just as I don't need to push others to help them do theirs. (although I do once in a while want to "help" certain football coaches on Sundays.... ;-) )

Jeff
I haven't lost my mind - I know it's backed up on tape somewhere ....
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top