Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!uwvax!oddjob!gargoyle!ihnp4!occrsh!occrsh.ATT.COM!tiger.UUCP!authorplaceholder From: rjd@tiger.UUCP Newsgroups: comp.misc Subject: Re: Hacker Scholarship, Who really Message-ID: <140200003@tiger.UUCP> Date: Tue, 14-Jul-87 09:06:00 EDT Article-I.D.: tiger.140200003 Posted: Tue Jul 14 09:06:00 1987 Date-Received: Sat, 18-Jul-87 01:37:18 EDT References: <387@esunix.UUCP> Lines: 36 Nf-ID: #R:esunix.UUCP:-38700:tiger.UUCP:140200003:000:2097 Nf-From: tiger.UUCP!rjd Jul 14 08:06:00 1987 > > > > ... phreak is the term that should be used to describe people that > > attempt malicious damage or theft. I use the term hacker to describe > > someone like myself who writes a 90% full implementation of rogue on > > a Z80, .. NOTHING I have done while wearing my hacker hat has ever > > constituted theft or malicious damage. > > > OK, as long as you're hacking away on your own machine, I have nothing > but respect for your ingenuity. As soon as you intentionally break into > someone else's machine YOU ARE A CRIMINAL! I don't care whether you damage > anything or not! Just like you wouldn't care whether or not I found some- > thing to take; if I broke into your house, you'd want me prosecuted. > > BTW this may sound like a flame, but it's not intended as such. This still sounds suspiciously like burying your head in the sand to a problem that does not go away just because you decide to ignore it. If no one breaks into the system with the express purpose to perform an audit (with or without the administrator's permission), the first person to find the security hole may very likely be a person that destroys something. I say this because I have gained acces to machines that are administered by friends, and then informed them of a hole in their system and the steps that must be taken to correct the holes that I see. I see your blanket statement as including me as a criminal. So be it. When I have performed audits on our company's machines, it is for the good of the company, but yet I defy anybody to determine my methods of access unless they were forewarned of them, or already have a secure machine. This makes your classifications of criminality pretty much a moot point, because you normally have to prove the act has taken place to prove me a criminal. In summary: I would like to modify your statement to say that a criminal act would be not informing the administrator of the security hole, once it is detected. Of course, any malicious damage or gaining of information without authorization is criminal, but that seems obvious to me. Randy