Featured Opinion: Q&A: Is Hacking Ethical

by Marcia J. Wilson, CCSP Staff Writer
May 08, 2004


"Reprinted from MARCH 24, 2004 " The definition of hacker has changed radically over the years. With the aid of the mass media, the word has developed a negative connotation rather than the positive one it used to have. Add ethical in front of hacker, and it's even more confusing. For the purposes of this article, I'll define those hackers with malicious intent as "crackers." Hackers can be categorized into the following three buckets:

SECURITY PIPELINE BLOG
Online Fraud Makes All E-Business Look Sleazy
By Mitch Wagner

The current worm on the loose is a combination of two sleazy e-mail tricks in one. Not only is it a worm, but it's also an example of phishing.

Phishing is an Internet con game that attempts to steal credit card numbers. The phishing e-mail is a forgery that looks very official, and appears to come from a reputable business. It warns users of some irregularity in their accounts and directs the users to a web site where they're asked to enter their credit card numbers.

Rights Advocates Urge Patriot Act Amendments
By Caron Carlson

WASHINGTON—Two years after granting the FBI a series of new electronic surveillance and search powers to combat terrorism, Congress is taking a closer look at the impact of those powers and of other provisions in the USA Patriot Act. What makes the matter particular pressing for politicians is that the act's critics span the entire political spectrum.

Jun 26, 2003 8:25 pm US/Eastern

No one disputes that Michelle Zimmermann lost control of her 2002 GMC Yukon as she drove on a two-lane highway in Massachusetts one snowy afternoon last January. Her friend died after the SUV slammed into a tree.

Zimmermann claims she was driving within the posted 40 mph speed limit, but like millions of other Americans the 33-year-old didn't know that her vehicle had a "black box." Monitoring her driving, it recorded the last few seconds before the crash.

By Paul Roberts IDG News Service 06/25/03

It's shaping up to be a bad week for antivirus software company Symantec after researchers raised alarms about security holes and buggy code in two of the company's products.

On Monday, Symantec acknowledged a report about a serious security flaw in Symantec Security Check, a free online service that enables users to scan their computer's vulnerability to a number of security threats.

Software marketing targets parent paranoia over paedophiles

Spyware developers have taken to boasting about how intrusive their programs are, in full knowledge that there are enough control freaks around to keep them in business.

Spectorsoft has released a new version 3 of its Eblaster spy software. This will record a PC's every keystroke, plus incoming and outgoing emails, passwords, instant messages, chat and websites visited - and send it all to a specified email address.

Dan Gillmor, IDG News Service, Framingham
14/04/2003

Since March 31, most corporate networks in Michigan have been using illegal technology. No, it wasn't an early April Fools' Day joke pulled off by the Michigan Legislature.

Thanks to the movie industry's paranoia about copyright infringement - plus a clueless group of lawmakers and an inattentive IT community - amendments to a state law called Act 328 have created a mind-boggling slew of limitations on what users of technology may do with what they own.

Here's just one example: Users may not conceal the origin or destination of their communications. Consider the implications.

By Mitch Wagner

Security administrators have been kept hopping this week with a series of vulnerabilities and patches for Microsoft and Unix systems.

In the latest events on Wednesday, Microsoft announced a vulnerability in Windows, the second Windows problem announced by Redmond this week that could allow attackers to take over a target system.

By INQUIRER staff
02-23-2003 7:18:12 PM CST
Posted 10:45 AM Feb.24, 2003 EST

A REPORT ON Israeli newspaper Ha'Aretz said that law enforcers need only to call Ebay and they'll be sent every detail of visitors to its auctioneering web site, tout suite. Reporting on a conference called Cyber Crime, the newspaper quotes executive Joseph Sullivan as explaining that visitors fill in the terms and conditions form on Ebay, and the second he or she clicks "I agree", that means she or he agrees that the firm can submit all personal data to any law enforcement officer who asks. End users agree to a contract which in total amounts to over 10,000 words.

---

Ebay will fax back full names, email addresses, home address, phone number, and the history of items and all other data that it stores. It has stored every bit of data since it started in 1995. And Ebay says it routinely receives something like 200 such requests a month from law enforcement officials. Ha'Aretz said that Ebay employs six investigators to track suspicious people and suspicious behaviour. Ebay also owns Paypal and has 20 million files on its users, but it won't disclose those details without a court order....continued....

A growing number of Microsoft Corp. customers are angry and frustrated with what they say are the company's thinly veiled attempts to use its well-publicized security initiative to get them to upgrade or buy new software.

Users contacted by eWeek last week reported various technical problems with Microsoft's automated services that let customers download and install patches for applications such as Internet Explorer 5.5 or Windows NT 4.0. They also said that when they contacted Microsoft support personnel, they were told that the software they were running was outdated. The solution: Upgrade to a more recent, more secure version.

One user with extensive security training, who asked not to be named, said she recently installed Windows 2000 Service Pack 3, which includes security fixes. The installation destroyed her network connection, forcing her to uninstall the service pack and leaving that machine exposed to the vulnerabilities the update should have fixed.