John Hernandez
Mon Apr 22 10:08:33 MDT 2002

I don't quite view it in the same unethical light as irresponsible 
disclosure of software vulnerabilities.  The map in question has 
already been in heavy circulation in hacker circles (didn't we see a 
link to one posted to this list?), where the knowledge is most likely 
to be exploited.  In my view, what the paper has done is hopefully 
raise the awareness of the naive and careless, in hopes that they don't 
make the same mistake or correct their alleged mistake.

Then there's also the possibility that some people WANT these networks 
to be used by the public at large, but admittedly that's probably the 
exception rather than the norm.

Scott A. Herod wrote:

> Hello all,
> Speaking of social contracts, did anyone see the business section
> of the Camera on Saturday?  Am I wrong to become angry about the
> publication of a map with stick-pins locating open wireless networks?
> ( No, mine is not one of them. )  I acknowledge the necessity of
> making security vulnerabilities well known, but that map seems to
> be the ethical equivalent of a locksmith checking front doors in a
> neighborhood and printing a map of people that don't lock theirs.
> At what point do people alerting others to security problems go too
> far?
> Scott
> Paul Bille wrote:
>>>I get stuff like this all day long . . .
>>Thanks Daniel.
>>I guess I have too much time on my hands.  Anyone know where I can find some
>>work to occupy my time and fill out my check book?
>>In the meanwhile, it's not a futile effort.  I received a note from
>>abuse at jaring.my confirming they had identified the source and advised the
>>network administrator to take action.
>>There may be value in creating a "Wall of Shame"; a database of known
>>abusers.  If we compile a list of sources for these kinds of attacks, maybe
>>we can discourage them.  Initially accumulating the IPs for attacks would
>>allow us to identify ISPs with lax security.  Ultimately it would be
>>desirable to tie attacks directly to authors by name.  Reputation, good or
>>bad, is a social contract that holds people accountable for their actions.

John Hernandez - Network Engineer
National Oceanic and Atmospheric Administration
Mailstop R/OM12. 325 Broadway, Boulder, CO 80305

