[lug] Re: Social Contracts

John Hernandez John.Hernandez at noaa.gov
Mon Apr 22 10:08:33 MDT 2002


I don't quite view it in the same unethical light as irresponsible 
disclosure of software vulnerabilities.  The map in question has 
already been in heavy circulation in hacker circles (didn't we see a 
link to one posted to this list?), where the knowledge is most likely 
to be exploited.  In my view, what the paper has done is hopefully 
raise the awareness of the naive and careless, in hopes that they don't 
make the same mistake or correct their alleged mistake.

Then there's also the possibility that some people WANT these networks 
to be used by public at large, but admittedly that's probably the 
exception rather than the norm.

Scott A. Herod wrote:

> Hello all,
> 
> Speaking of social contracts, did anyone see the business section
> of the Camera on Saturday.  I'm I wrong to become angry about the
> publication of a map with stick-pins locating open wireless networks.
> ( No, mine is not one of them. )  I acknowledge the necessity of
> making security vulnerabilities well known, but that map seems to
> be the ethical equivalent of a lock-smith checking front doors in a
> neighborhood and printing a map of people that don't lock theirs.
> 
> At what point do people alerting others to security problems go too
> far?
> 
> Scott
> 
> Paul Bille wrote:
> 
>>>I get stuff like this all day long . . .
>>>
>>Thanks Daniel.
>>
>>I guess I have too much time on my hands.  Anyone know where I can find some
>>work to occupy my time and fill out my check book?
>>
>>In the mean while, it's not a futile effort.  I received a note from
>>abuse at jaring.my confirming they had identified the source and advised the
>>network administrator to take action.
>>
>>There may be value in creating a "Wall of Shame"; a database of known
>>abusers.  If we compile a list of sources for these kinds of attacks, maybe
>>we can discourage them.  Initially accumulating the IPs for attacks would
>>allow us to identify ISPs with lax security.  Ultimately it would be
>>desirable to tie attacks directly to authors by name.  Reputation, good or
>>bad is a social contract that holds people accountable for their actions.
>>
>>Thanks,
>>Paul
>>http://bille.cudenver.edu/author
>>
>>_______________________________________________
>>Web Page:  http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 


-- 

   - John Hernandez - Network Engineer - 303-497-6392 -
  |  National Oceanic and Atmospheric Administration   |
  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
   ----------------------------------------------------




More information about the LUG mailing list