Note: This column represents the opinions
of the writer and as such, is not purported as fact
Sponsor's Message
|
Thanks to recent law changes, the differences between legitimate research,
budding entrepreneurism, and crime have been all but erased.
First let me say that I'm all in favour of whacking snotty little crackers
upside the head with a very heavy piece of four-by-clue -- but I'm wondering
whether our laws have forgotten about the good done by white-hat hackers.
Take this story
running on the Stuff website for example.
In this piece, we're told that Massey engineering student Gladwin Mendez
"was able to access obviously sensitive company files" during his
wardriving research through Palmerston North.
Did Gladwin realise that, by conducting this research, he was breaking the
law and risked prosecution?
The fact that he was clearly not testing the security of these wireless
networks with any malevolent intent is irrelevant, he was accessing those
networks without permission and that (if I understand the law correctly)
is a crime.
Now have your say
|
Got something to say about today's column, or want to see what
others think?
Visit The Forums
While you're here, why not visit the Aardvark
Hall of Shame
and perhaps make your own nomination.
|
|
Fortunately for the businesses involved, Mr Mendez is clearly a white-hat
hacker but the law appears to make no distinction -- and that's a worry.
In the almost 10 years I've been publishing this column I've often come
across gaping security holes in people's websites or other online servers.
It has always been my policy to contact the owner and let them know that
they have a problem, often spending quite a bit of time liaising with them
and their technical staff in order to lock things down.
Unfortunately, the recent law changes have meant that I can no longer
afford to do that -- it's just too risky.
All it would take is some crazy system admin over-eager to shift blame away
from their own incompetence by laming the messenger to see me, or anyone
reporting a security problem, facing criminal charges.
It would not be too much of a stretch for some delusional admin or business
owner to also get the wrong end of the stick and interpret "you have a security
problem, if I can help just let me know" as an extortion attempt.
Long-time readers of this column will probably recall that the NBR had a spaz-attack
a few years back when I was checking to see how many local sites were vulnerable
to a Cold Fusion vulnerability. Under today's laws they could have had my
sorry backside charge with hacking.
This means that neither I, nor any other sensible commentator will be able
to accurately determine whether players in the local industry are actually
keeping their systems secure for fear of winding up in court.
So, if I accidentally stumble across another gaping security hole while cruising
the Net, I'll just keep my mouth shut and wait until a real hacker finds the
same hole. Then I'll probably end up reporting on the damage they wreaked.
Was that really the intention of the anti-hacking laws?
Lighten Up
It's time for more crazy stuff from the wierdest parts of the web.
If you've ever wondered why the US weather service doesn't just use nukes
to blow up dangerous hurricanes,
here's the answer.
And, from the crazy signs department, here's
one for golfers.
Finally, if you've been wondering about how declining educational standards
are affecting our workers, well look here.
Yes, You Can Gift Money
I've published this website for the past nine years as a service to the
local internet and IT industry and during all that time it has been 100%
free to access. It is my intention to ensure that it remains completely
free and free of charge and contains only the most sparse levels of advertising.
Aardvark is not a business, it is a free resource.
If you feel that this is a good thing and/or you hold a "geniune affection"
for yours truly -- then you are welcome to gift me some
money using the buttons provided. In gifting this money you accept that no goods,
service or other consideration is offered, provided, accepted or anticipated in return.
Just click on the button to gift whatever you can afford.
NOTE: PayPal bills in US dollars so don't accidentally gift more than
what you were intending :-)
Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats,
bouquets or news tip-offs.
If you'd like to contact me directly, please
this form. If you're happy for me to republish
your comments then please be sure and select For Publication.
Other media organisations seeking more information or republication rights
are also invited to contact me.
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
page?
Just add a
couple of lines of JavaScript
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
here.
Contact me if you decide to use either of these feeds and
have any problems.
Linking Policy
Want to link to this site? Check out Aardvark's
Linking Policy.
|
Did you tell someone else about Aardvark today? If not then do it
now!
|
|
= open in new window