nCircle.com >> 360 Security

« Vulnerability Scoring (Part II): Remembering your Audience | Main | SCADAGard SIG To Be Established »

Hoarding Knowledge

On Tue, 8 Feb 2005, Dave Aitel wrote:

This is a quick announcement that the recent Microsoft patch (MS-05- has fixed a vulnerability I found a while back in SMB. [excerpted from http://lists.virus.org/dailydave-0502/msg00031.html]

Very convenient how these guys are like 'oh yeah we found that years ago but didn't do anything with it'. Seems to me they like holding on to their shit so they can talk themselves up and look cool, which isn't in keeping with an honourable way to carry one's self, if you ask me.

When I was younger I read, and subsequently became a huge fan of, Steven Levy's book 'Hackers'. I'm sure most people (of a hackish nature) are familar with the book and with the 'Hacker Ethic' that it takes care to promulgate. I thought it was a noble and beautiful creation. To wit, an excerpt from the the Hacker Ethic as listed in the book:

Access to computers -- and anything which might teach you something about how the world works -- should be unlimited and total. Always yield to the Hands-On Imperative! Hackers believe that essential lessons can be learned about the systems -- about the world -- from taking things apart, seeing how they work, and using this knowledge to create new and even more interesting things. They resent any person, physical barrier, or law that tries to keep them from doing this.... Rules which prevent you from taking matters like that into your own hands are too ridiculous to even consider abiding by.... All information should be free. [From Hackers: Heroes of the Computer Revolution by Stephen Levy. Anchor Press / Doubleday. New York, 1984.]

I recognize the need for trade secrets, and that the quality of our life is dependent on the ability to do business and aquire commodities that address our needs as human beings. But there has to be a middle ground and an honourable way to do it. I am aware of the hypocrisy in my own life; I don't live up to the hacker ethic all the time either.

Maybe he didn't want to share the information 'cos he had concerns someone would take it and claim it was theirs. So what? Let it all hang out man - karma will take care of the rest.

Posted on February 18, 2005 9:05 AM |

Comments (1)

Jeff Harrell:

I love that book. I read it in Maui, Hawaii (what up TK!) sitting by the pool in view of the ocean, with a Mai Tai on the table next to me. That may have clouded my opinion but I enjoyed the book nonetheless. :)

Posted by Jeff Harrell | February 18, 2005 1:56 PM

Posted on February 18, 2005 13:56

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on February 18, 2005 9:05 AM.

The previous post in this blog was Vulnerability Scoring (Part II): Remembering your Audience.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]