Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!uwvax!oddjob!gargoyle!ihnp4!occrsh!occrsh.ATT.COM!tiger.UUCP!authorplaceholder
From: rjd@tiger.UUCP
Newsgroups: comp.misc
Subject: Re: Hacker Scholarship, Who really
Message-ID: <140200003@tiger.UUCP>
Date: Tue, 14-Jul-87 09:06:00 EDT
Article-I.D.: tiger.140200003
Posted: Tue Jul 14 09:06:00 1987
Date-Received: Sat, 18-Jul-87 01:37:18 EDT
References: <387@esunix.UUCP>
Lines: 36
Nf-ID: #R:esunix.UUCP:-38700:tiger.UUCP:140200003:000:2097
Nf-From: tiger.UUCP!rjd    Jul 14 08:06:00 1987


> > 
> > ... phreak is the term that should be used to describe people that
> > attempt malicious damage or theft. I use the term hacker to describe
> > someone like myself who writes a 90% full implementation of rogue on
> > a Z80, .. NOTHING I have done while wearing my hacker hat has ever 
> > constituted theft or malicious damage.
> > 
> OK, as long as you're hacking away on your own machine, I have nothing
> but respect for your ingenuity.  As soon as you intentionally break into
> someone else's machine YOU ARE A CRIMINAL!  I don't care whether you damage
> anything or not!  Just like you wouldn't care whether or not I found some-
> thing to take; if I broke into your house, you'd want me prosecuted.
> 
> BTW this may sound like a flame, but it's not intended as such.

  This still sounds suspiciously like burying your head in the sand to a
problem that does not go away just because you decide to ignore it.  If
no one breaks into the system with the express purpose to perform an audit
(with or without the administrator's permission), the first person to find
the security hole may very likely be a person that destroys something.
  I say this because I have gained acces to machines that are administered
by friends, and then informed them of a hole in their system and the steps
that must be taken to correct the holes that I see.  I see your blanket
statement as including me as a criminal.  So be it.  When I have performed
audits on our company's machines, it is for the good of the company, but yet
I defy anybody to determine my methods of access unless they were forewarned
of them, or already have a secure machine.  This makes your classifications
of criminality pretty much a moot point, because you normally have to prove
the act has taken place to prove me a criminal.
  In summary: I would like to modify your statement to say that a criminal act
would be not informing the administrator of the security hole, once it is
detected.  Of course, any malicious damage or gaining of information without
authorization is criminal, but that seems obvious to me.

Randy