[daeken]

Let's phrase this in another hyperbole, shall we? Should you rob every bank that doesn't have an alarm or leaves the vault open? No. But if a lot of banks had no policies in place to prevent those things from occurring, would you feel more secure that someone was walking into the bank, taking photos of their break-in, and not stealing the money?

I don't agree with their means (it's wrong, IMO, to mess with any machine you don't have permission to mess with) but their end goal aligns with mine: make the world more secure.

> I have a dream that one day my website with minimum security won't be hacked for lulz and will be treated with respect. =)

Would you rather have your site hacked for lulz, or would you rather someone go in and sell your customer's data on the black market?

[hugh3]

But if these are just DDOSes, then (a) there's no way to steal sensitive information that way, and (b) there's no real defence against 'em anyway. So this particular argument is pointless, right?

There's an argument for whiteish-hat intrusions, but DDOSes must be intrinsically black-hat, right?

[niels_olson]

>DDOSes must be intrinsically black-hat, right?

No. While I agree there's no red-team contribution in a DDOS, quite a few people regarded Anonymous DDOSes on Wikileaks detractors (MasterCard, et al) as the digital equivalent of a sit-in. That seems a bit of a stretch to me also, but certainly there's some application of DDOS that's not purely black-hat.

[daeken]

Yea, I'd definitely agree in the case of DDOSes -- they don't seem to make sense with their other attacks, even. Silly and destructive.