Hello!
In this article I want to reflect on hacking computer systems for the purpose of learning or of writing an article (an article in the sense of a text, not of the Criminal Code). I want not only to express my thoughts on this topic, but also to find out yours, since the question comes up very often. Separately, I would like to note that I really want to know the opinion of the editors of Xakep magazine and others like it.
But on the other hand
Recalling the old adage “The medal has two sides”, I draw the following analogy: the cracker gets the data he needs and satisfaction (let us limit ourselves to this case; everyone has his own goals), while the owner of the attacked resource (be it a web server, standalone software or a stand-alone computer) learns about an existing (and, most importantly, so to speak, active) vulnerability in his product. But hacking has several scenarios ...
Scenario "Angry"
The hacker performs magic manipulations with software and hardware for material gain (somewhat less often, for moral satisfaction). This includes stealing information in order to sell it or use it for personal purposes, cracking software to save on buying it, and defacing a site in order to take revenge on a person or company. What the parties to the conflict get:
- cracker: everything
- resource owner: nothing
It turns out ugly, right?
Scenario "It was in the evening, there was nothing to do"
I wrote the heading and thought to myself: “But this is how 95% of hacking descriptions begin” :-)
The hacker accidentally detects a vulnerability in the attacked resource and carries out an act of defecation, that is, an attack. After picking open everything that opens and dumping everything that can be dumped (if we are talking about a web server), the attacker usually tells the resource owner about the vulnerability and sometimes even gives tips on closing the hole. This is invariably accompanied by shouts, wherever possible, along the lines of "I hacked the site %horn_and_kopyta%", etc. Often a brief description of the hacking process is written. What the parties to the conflict get:
- cracker: everything (as a rule, this amounts to an enormous boost to his sense of self-importance)
- resource owner: nothing (if the cracker points out the vulnerability to the owner, the latter gets a good lesson, a reason to whip the programmers into shape and a message about the presence of a security hole)
This is already better, but it is still unpleasant for the attacked side (the damage from the hack is greater than the compensation in the form of being told that the vulnerability exists).
Scenario "For an article"
Of the three types of hacks that I have identified, this is the most humane for the owner of the resource. Hacks of this type are carried out for the purpose of writing an article for a relevant resource. The attacker, as a rule, accidentally stumbles upon a potential vulnerability, but there are cases of intentionally searching for them. The attack is carried out with total logging of all actions, so that there is something to write in the article afterwards. Hacking "for training" can often be attributed to this scenario as well, that is, hacking in order to better understand the intricacies of how various kinds of software work. A distinctive sign of this scenario is that the “attacker” (precisely in quotation marks, since the attacker is guided by non-mercenary goals) necessarily informs the owner about the vulnerability in full detail, and not just “you have a hole in authorization”. The cracker, as a rule, does not leak information that would fall under the Criminal Code. What the parties to the conflict get:
- cracker: everything
- resource owner: a message about the presence of a vulnerability, an extra mention of his resource in the press (though not from the best side, but still; if the owner does not remove the vulnerability before the article is published, so much the worse for him), a lesson and a reason to pull the programmers into line.
As for me, this is exactly the scenario that I personally approve of and strongly support. As a result, both sides got what they wanted. The owner, though, did not want it all that much ... :-)
Hacking is the engine of progress
This is what I am getting at: hacking is not always bad and negative. And now the question that pushed me to write this opus: should the owner of the resource have the conscience to sue the hacker because he found and picked at the vulnerability and, most importantly, pointed it out to the owner?
Thanks for your time!