Some of my students this semester seem very interested in the cracking side of things. How much should I teach them?
A tricky area that I have yet to deal with adequately. Part of my response to one student who asked about finding a possibly vulnerable server:
A good citizen would advise the owners of the server… or would they?
There are the issues that I raised about whistle-blowers. Compare Mike Lynn to the Zero Day Initiative. If you inform the organization, what will they do: ignore you, sue you, hand you over to the police, thank you, or pay you?
Things are much more complicated than you think:
o Can you tell the difference between a real server and a honeypot? I think not…
o There is the more complex issue of an older but patched version of software versus an old and unpatched version. Just because a server is running an old version does not automatically mean that it is vulnerable.
A little knowledge is a dangerous thing!
Not to mention quite illegal…
Reasonable or not?