In extention of the slashdotstory about a pentester who is convicted for reporting a vulnerability to the University of Southern California we have a poll at the left sidebar. Any comments about the poll are welcome under this post.
After the poll closes I will give my opinion on it, maybe in a nice editorial or something, but right now I like to see yours!
Your poll was a bit confusing. I personally feel that if I find a vulnerability in some code and report it to the person running the code, I should not be considered a “hacker”, but I should be thanked for notifiying us.
For example. Last week I found an issue with PHPLive!, I had been exploted, I found the way the person had exploited me. To see if it was a “global” issue, I did a google search for other people who were running PHPLive!. I found this one fellows site, I tried the “exploit” and gained access to his server!
Did I phreak, or delete files, or read personal information? No. I did a lookup on his domain, and called him. I actually WOKE HIM UP. And you know what his email to me the next day said? “I wish there were more people like you in the world” and “thank you very much, I hope the exploit to your site wasn’t too bad”.
If people keep charging and convicting the people who are out there helping, then eventually no one will help. And at that point, if they get hacked, its tough shit.
Cheerios.
Z3K3
1qBiGi