Why won't people let you help them?

What is right? Is there right? Are you right?

Why won't people let you help them?

Post by bandchicky314 on Mon Mar 21, 2011 7:18 pm
([msg=55328]see Why won't people let you help them?[/msg])

I've been reading some stuff on the Ethics forum and a lot of people are asking whether or not to report vulnerabilities to the sites admin or IT or whatever. Aside from the fear of legal action being taken against them (sad too but not the point) people are mad that the company will get pissed off at them. I don't understand as why people won't let you privately disclose vulnerabilities to them. I mean I know that some people are 14 and people don't like to listen to 14 year olds (because apparently we're all stupid) but other than that I just don't get it.

So I want your thoughts on it. Please discuss with me. :idea:
bandchicky314
New User
New User
 
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by Goatboy on Mon Mar 21, 2011 7:38 pm
([msg=55333]see Re: Why won't people let you help them?[/msg])

I am pretty sure people get mad based on some psychological desire to be right. By revealing a flaw in their system, you are essentially saying "You dun goofed." Or it might just be that they see you as a threat and don't know any other way to react.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2825
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by pretentious on Mon Mar 21, 2011 8:08 pm
([msg=55335]see Re: Why won't people let you help them?[/msg])

This has happened to me. I thought the webmaster will welcome my input and appreciate that in a way, I've gone to the trouble to help him do his job. Instead, I'm met with abuse. No user with legitimate use or resources in mind would try what i did, so I'm certainly not in the right and look a bit dodgy for finding it, but surely ironing out logical errors in a website is a good thing? And I'm pretty sure the webmaster just dismissed the problem because no one will ever try it, so it doesn't need to be fixed, which in my opinion, isn't the right way to go. Might be obvious, but i think the reason why it is a problem is because by disclosing vulnerabilities, you are basically admitting to snooping around their stuff.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 714
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by bandchicky314 on Mon Mar 21, 2011 8:24 pm
([msg=55339]see Re: Why won't people let you help them?[/msg])

One more stupid question why I'm here, is poking around their stuff illegal? Or is just admitting to it illegal?
bandchicky314
New User
New User
 
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by Goatboy on Mon Mar 21, 2011 8:27 pm
([msg=55340]see Re: Why won't people let you help them?[/msg])

bandchicky314 wrote:One more stupid question why I'm here, is poking around their stuff illegal? Or is just admitting to it illegal?

As long as you don't actually break into anything, it's legal. Unless of course they specifically say otherwise, but there's little chance of them enforcing it.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2825
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by bandchicky314 on Mon Mar 21, 2011 8:41 pm
([msg=55342]see Re: Why won't people let you help them?[/msg])

So viewing the source code would be legal, but using SQL injections on an admin page wouldn't be legal?
bandchicky314
New User
New User
 
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by Goatboy on Mon Mar 21, 2011 8:51 pm
([msg=55343]see Re: Why won't people let you help them?[/msg])

bandchicky314 wrote:So viewing the source code would be legal, but using SQL injections on an admin page wouldn't be legal?

Yea... Simply by visiting a page you're downloading a copy of the source code, so there is absolutely no grounds to make that illegal. SQL injections are only done to break into a site, so of course that would be illegal.

Why is this in Philosophy/Ethics?
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2825
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by pretentious on Mon Mar 21, 2011 8:53 pm
([msg=55344]see Re: Why won't people let you help them?[/msg])

bandchicky314 wrote:So viewing the source code would be legal, but using SQL injections on an admin page wouldn't be legal?

Viewing source code is definitely fine. I think the second one is an interesting question though. From my interpretation of the law, where hacking is defined by unauthorized access to a computer, throwing SQL injections at the admin page isn't illegal unless you actually gain access. :? I'm probably full of crap though :P
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 714
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by bandchicky314 on Mon Mar 21, 2011 9:10 pm
([msg=55345]see Re: Why won't people let you help them?[/msg])

I'm sorry Goatboy I wasn't sure where to post it. Pretentious makes an interesting point, but if you actually do find the SQL that works and you gain access (which to my knowledge is the point of SQLs [correct me if wrong please]) you would be hacking anyways so it would be irrelevant.
bandchicky314
New User
New User
 
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am
Blog: View Blog (0)


Re: Why won't people let you help them?

Post by pretentious on Mon Mar 21, 2011 9:54 pm
([msg=55346]see Re: Why won't people let you help them?[/msg])

bandchicky314 wrote:if you actually do find the SQL that works and you gain access....you would be hacking anyways so it would be irrelevant.

While my point inevitably leads to the same conclusion. You asked:
bandchicky314 wrote:using SQL injections on an admin page wouldn't be legal?

My post was mealy suggesting that the action by itself might not be illegal, only the consequence.
You get arrested for killing the person, not firing the gun. Or something like that. Anyway, it's not worth debating, i'm probably wrong.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 714
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Next

Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests