CS301

1
CS301

• Discussion Topic

2
Asmt. 1 Hacking to improve security

• A Dutch hacker, who said he worked in computer
  security, sent e-mail to Microsoft warning that
  some of its Web sites were vulnerable to
  break-ins. Microsoft did not reply until after he
  broke in to one of the Web sites about a week
  later and left a taunting message as proof. Was
  his action ethical? Did he do Microsoft and the
  public a favor? What might be some reasons why
  Microsoft did not respond to his e-mail?

3
Postitions

• Group 1 Argue in support of the hacker.
• Group 2 Argue against the hacker

4
(Hacker Advocate) for the pro hacker position

• revealed a security hole in MS's websites proved
  the security hole's existence without "damage"
• compelled Microsoft to "act"
• potentially saved MS and others from suffering
  from more severe attacks

5
(MS Representative) for the anti-hacker position

• encourages others to hack
• there is damage caused by showing that it can be
  done,
• it encourages others to do the same
• forces MS and others to redivert resources to
  prevent further potential damage
• this may cause delays with services, release
  dates, increased costs, etc.