Imagine: You login to a computer at school, only to find that your documents and files have been tampered with. How do you know that? By instinct, and a shot of hot blood rushes to your head because you feel molested. As if somebody stole your firstborn child out of his crib during the night, and you do not realize it until you chew the first morsel of your breakfast sandwich.
Who is to blame here: The asshole who hacked into your account, or the incompetent network administrator?
In Security and Risk Analysis 111, we were on the topic of law and ethics and stumbled on the following scenario:
A student suspected and found a loophole in the university computer’s security system that allowed him access to other students’ records. He told the system administrator about the loophole, but continued to access others’ records until the problem was corrected two weeks later.
There are 2 parts to this problem: 1) is it ethical to intentionally seek out loopholes? and 2) is it ethical to take advantage of a vulnerability until the problem is corrected?
Well, according to the Ten Commandments of Computer Ethics both are highly unethical. But who the hell is the Computer Ethics Institute to lay down the rules for what’s right and wrong?
I don’t believe in hacking a computer or a network for malicious purposes. Some kids get hard-ons from the feeling of power they experience when they think they’re smarter than the school IT department.
But searching for loopholes is okay for the benefit of the system. And that’s what our group project is going to be for SRA111: To perform a security and vulnerability assessment of the Penn State University network. We will be working off of the preconception that no network can ever be 100% secure.
Got Thoughts?
By all means share them, and start the conversation.
Leave Your Own Comment
You can follow any responses to this entry via its RSS comments feed. You can also leave a trackback if the inclination is there.