Do gooders?

For all those do-gooders that think they're doing someone a favour by
trying to tell someone with an insecure network that it's insecure...

http://www.theregister.co.uk/content/55/32799.html

David Taylor wrote:

> For all those do-gooders that think they're doing someone a favour by
> trying to tell someone with an insecure network that it's insecure...
>
> http://www.theregister.co.uk/content/55/32799.html

He didn't just tell them it was insecure, he purloined copies of
private info to demonstrate the insecurity -- and stealing data
is illegal.
--
Cheers, Bob

On Mon, 15 Sep 2003 12:32:24 +0100, David Taylor spoketh

>For all those do-gooders that think they're doing someone a favour by
>trying to tell someone with an insecure network that it's insecure...
>
>http://www.theregister.co.uk/content/55/32799.html

That's neither a "do gooder" nor a "security consultant". Any security
consultant with half a brain does not hack into someones network, copy
their data, then prints it out and send it back to them with a note
saying how stupid they are ...


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

> He didn't just tell them it was insecure, he purloined copies of
> private info to demonstrate the insecurity -- and stealing data
> is illegal.

Sure, but equally some people here have mentioned that they leave text
files around to mention how insecure someones network is.

That would be a breach of the Computer Misuse Act here.

Remember also the thread a while back where the poster claimed to have
been able to access credit card details from the company opposite? How
would he go about demonstrating that without showing that he had the
credit card details?!

David.

> That's neither a "do gooder" nor a "security consultant". Any security
> consultant with half a brain does not hack into someones network, copy

Just pointing out that some people don't take kindly to *any* sort of
information that someone puts their way in the name of "helping out".

Just advising a little caution for those that think it's helpful to go
and tell people how insecure their network is!

David.

On Mon, 15 Sep 2003 15:06:21 +0100, David Taylor spoketh

>> That's neither a "do gooder" nor a "security consultant". Any security
>> consultant with half a brain does not hack into someones network, copy
>
>Just pointing out that some people don't take kindly to *any* sort of
>information that someone puts their way in the name of "helping out".
>
>Just advising a little caution for those that think it's helpful to go
>and tell people how insecure their network is!
>
>David.

And understandably so. I just don't think neither "do-gooder" nor
"security consultant" are terms that should be associated with this
individual...


Lars M. Hansen
www.hansenonline.net

David Taylor wrote:
> For all those do-gooders that think they're doing someone a favour by
> trying to tell someone with an insecure network that it's insecure...
>
> http://www.theregister.co.uk/content/55/32799.html

Sounds like he went a little overboard to prove his point.

On Mon, 15 Sep 2003 12:20:02 GMT, Lars M. Hansen <(E-Mail Removed)>
wrote:

>Any security
>consultant with half a brain does not hack into someones network, copy
>their data, then prints it out and send it back to them with a note
>saying how stupid they are ...

....and he definitely doesn't sign the notes with his name, address, and phone
number...

--
Friends don't let friends shop at Best Buy.

"David Taylor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> For all those do-gooders that think they're doing someone a favour by
> trying to tell someone with an insecure network that it's insecure...
>
> http://www.theregister.co.uk/content/55/32799.html

Stupid guy if you ask me!

Thor.

In article <(E-Mail Removed)>,
Lars M. Hansen <(E-Mail Removed)> wrote:
:That's neither a "do gooder" nor a "security consultant". Any security
:consultant with half a brain does not hack into someones network, copy
:their data, then prints it out and send it back to them with a note
:saying how stupid they are ...

We don't know the history of this case, and we don't know the other
side of it.

Imagine you happened to visit a hospital for some reason, and while
you were there you happened to notice that the hospital had a wide-open
WiFi. Imagine you told someone and they didn't care. Imagine that the
response was along the lines of "Don't be silly; no-one can get into
our system, and even if they did, there's nothing interesting there."
Imagine if they were dismissive of your reports, and started treating
you like a crackpot.

If such a thing were to happen, then would you be content to say
"Gee, they told me no-one can get into their WiFi, so I must
be misremembering my experiences otherwise; I'm glad everything is
okay there." ? Can you say that you would not get upset about their
refusal to face the facts, leading you to pull a few files off as
evidence to -prove- to them that they are wrong? And if they still
didn't listen, could you say that you wouldn't then proceed to try to
contact a patient or two to get the patient onside to force the
hospital to stop denying and start fixing?


We don't know exactly what happened in this -particular- case, but
to me it has the look of being a potential "shoot the messenger" case.
You know how it goes -- "A" is doing something wrong, "B" tries to
get "A" to stop doing it, "A" doesn't take it seriously, "B"
threatens to go public... and to keep control of the situation and
save embarrasment, "A" reacts by suing / charging "B". Often,
the "whistleblower" suffers far more than the offender
--
Usenet is one of those "Good News/Bad News" comedy routines.