Weev: Hackers should keep security holes to themselves

20 Responses to “Weev: Hackers should keep security holes to themselves”

  1. mark w. says:

    This guy is obnoxious, he entirely reneges on his opinions just because he’s being indicted. If he hadn’t been so eager to use the exploit he uncovered to make him seem like some celebrity hacker extraordinaire he probably wouldn’t have had the hammer come down on him so hard. 

    • This guy’s got a long history of being a sociopathic asshat. I remember him from the Encyclopedia Dramatica crowd. I have zero sympathy for him and have no trouble imagining all the ways he probably chose to make a sensitive situation worse.

      This all has no impact on whether the charges are just; they just happen to have unjustly affected someone who I don’t mind seeing suffer. :)

      • Professor59 says:

        Good to know that in America, no matter how many reasons there are for people to hate you, no matter what crimes you have committed, there’s always some clown who will pay you to shoot off your mouth some more.

  2. corydodt says:

    Or maybe we should try exposing vulnerabilities in ways that AREN’T attention-whoring or explicitly illegal.

    • ZikZak says:

      It’s not a question of how you do the disclosure, it’s a question of whether the institutions you’re disclosing to are on your side or not.
      Large software companies and government agencies are not on the side of hackers or the general public.  They are not going to use your “responsible disclosure” responsibly.

      They may demand that you “do the right thing” when it comes to helping them secure their broken products, but they’re not going to do the right thing themselves when it comes to protecting the rights and interests of the public.  Why play their game?  Why pretend that we’re all on the same team here, when they’re clearly not?

      Hackers should use their knowledge directly, as a weapon to give power to the powerless.  As long as industry and government see hackers as a force that they can buy, or negotiate with, or browbeat into behaving, no real change will come.

      • bluest_one says:

        Seems like the best thing to do if you’re a hacker who does want to highlight the crappy negligence of large companies with people’s personal data, is to get in touch with a journalist who can get a scoop out of it.

        You’ll get the protection of law for journalists and their sources and stop the abuse of data through poor security.

  3. hacky says:

    Does the article stop at “domestic intelligence.)”?

  4. s2redux says:

    N.B. If the posted link yields a truncated article, try this other page at Wired, which seems to have the whole thing.

  5. Will Holz says:

    And they’re supposed to sit on these security flaws so that they can be exploited on a greater scale and hurt more people?  

    I’m seeing where the idea comes from, I’m just not convinced it’s terribly well thought out.

  6. Gendun says:

    I’d like to nominate this for Understatement of the Year:

    “It’s not unheard of for governments, including that of the U.S., to use exploits to gather both foreign and domestic intelligence.”

    Could this have anything to do with why NSA had a recruitment booth at Def Con this year?

  7. Sirkowski says:

    The superficial charm of the sociopath…

  8. The problem with reporting back to the vendor is that it can be viewed as exploitation. I disagree with weev but I do believe full disclosure is the only ethical and safe way to protect the bug-finder from claims of extortion and to protect the bug-finder from harassment.  Vendors should monitor avenues of full disclosure to ensure they address the problems found.

    The current scenario is worse, either vendors do nothing and sit on serious bugs or some jerk bug finder sells the exploit to unscrupulous people. Both scenarios are terrible. Full disclosure cuts the line between vendor and bug finder, protects the bug finder and calls on vendors to be responsible.

    weev’s problem was that he associated his ego with the problem and wasn’t willing to forgo the fame.

  9. ImmortalYawn says:

    I’m sure people would care…if this guy wasn’t such a complete dick, that is.

    “Gay N****r Association of American” will go down AMAZING in prison.

  10. The stories and information posted here are artistic works of someone who is chaotic neutral.
    Only a fool would take anything posted here as good advice.

  11. benher says:

    Do his racist views completely undermine the value of his opinions on American corporate corruption? 

  12. PhasmaFelis says:

    Dear BoingBoing: Please stop feeding the troll. How do you not know this already?

  13. ocker3 says:

    “sees his conviction as an unjust way to AT&T punish the messenger, ”

    Uh, ” sees his conviction as an unjust way for AT&T to punish the messenger,”

    Yes?

    Unless “AT&T” is now a verb?
