Every time something like this happens, non-technical people don't know how to respond to it. Just look at the DNC Chairwoman's response[0]: "That is just like if you walked into someone's home when the door was unlocked and took things that don't belong to you in order to use them for your own benefit." Essentially, "gray-hat" hacking isn't always seen as a friendly warning to the vulnerable so much as it might be an attack. One has to wonder, if one could draw a physical parallel between a trespassing and a gray-hat style hack, if you did enter someone's house, take their gold watch from their bedroom, then walk down to you sitting at your breakfast table, tap you on the shoulder, and say, "Hey bro, your door was open, and you didn't even secure your jewelry in a safe with a key in case someone did break in. I did this to demonstrate your house's vulnerabilities, you should be grateful! Maybe even give me a little something for my troubles..." Of course, the parallel might not be fair, since one can't draw a parallel between a private house and a server with a public-facing access point to sensitive material, so the closest proxy I can think of is a bank. Still, a similar parable can be drawn here: You rob a bank without tripping alarms and hand the manager $30000 of stolen money, and claim you did it to warn him/her of issues with the vault's security. In that case, it's plausible to assume s/he might not be that receptive. I think it's great that penetration testers and people of the like are very willing to do the hard work of finding holes in security systems--and not use it for nefarious purposes, but actually disclose it to companies so that they can bolster their systems--but how exactly is the hacked party supposed to take it? [0]http://www.cnn.com/2015/12/18/politics/bernie-sanders-campai...