PDA

View Full Version : Article compares hacking software to gun rights


Fobjoe
10-28-2010, 10:30 PM
Hope it's not a dupe :-/

I'm not too familiar with the software "Firesheep" but apparently it's a simple tool to hack computers on the same network (from my understanding). Although we all understand the whole RKBA here, I was somewhat put off by the comparison. I'm not sure if the author has an anti-gun agenda and is expressing it satirically or genuinely believes that releasing public hacking software is a legitimate right...

http://venturebeat.com/2010/10/28/white-hat-or-black-hat-firefox-hacking-tool-firesheep-raises-ethical-concerns/

"In America there is a saying “guns don’t kill people.” Some wits add “people with guns kill people.” While this saying is just that, a saying, it does put a handy slogan on a view about moral responsibility. On the face of it, the sayings are dead on: while a gun can be used to kill a person, guns are not themselves moral agents. As such, a gun bears no moral responsibility for any deaths that it might be used to bring about."

“Firesheep doesn’t hack. People hack with Firesheep.”

edwardm
10-29-2010, 2:25 AM
Mr. LaBossiere did not compare hacking to gun rights. He compared the FireSheep tool to a gun. This sentence encapsulates his flawed (typical) 'logic':


As such, the person providing the tool does play a causal role in the misdeeds-especially if the tool or weapon serves as a “but for” cause.

So, a firearms manufacturer necessarily plays a role in the outcomes of firearms use. And in some of those cases, 'but for' the availability of a firearm, there would be no misdeed.

But for the availability of alcohol from Coors, you never would have used poor judgment, hopped in the car and wiped out a van full of nuns. Right?

This "philosophy" professor needs to come out of the clouds, pull his head out of his ***** and get a clue. I feel sorry for his students.
Hope it's not a dupe :-/

I'm not too familiar with the software "Firesheep" but apparently it's a simple tool to hack computers on the same network (from my understanding). Although we all understand the whole RKBA here, I was somewhat put off by the comparison. I'm not sure if the author has an anti-gun agenda and is expressing it satirically or genuinely believes that releasing public hacking software is a legitimate right...

http://venturebeat.com/2010/10/28/white-hat-or-black-hat-firefox-hacking-tool-firesheep-raises-ethical-concerns/

"In America there is a saying “guns don’t kill people.” Some wits add “people with guns kill people.” While this saying is just that, a saying, it does put a handy slogan on a view about moral responsibility. On the face of it, the sayings are dead on: while a gun can be used to kill a person, guns are not themselves moral agents. As such, a gun bears no moral responsibility for any deaths that it might be used to bring about."

“Firesheep doesn’t hack. People hack with Firesheep.”

tiki
10-29-2010, 4:55 AM
Why aren't the makers of knives held responsible for stabbings?

Nodda Duma
10-29-2010, 5:11 AM
Didn't the government realize the flawed logic a while back and pass laws to protect gun manufacturers from criminal-gun-use-related lawsuits?

If so, then his argument is also flawed based on ignorance of the law.

Mulay El Raisuli
10-29-2010, 6:54 AM
Interesting!


The Raisuli

kellito
10-29-2010, 7:05 AM
at least he doesn't say the guns are immoral. He does hint that the only thing they are used for is immoral acts though.

Wherryj
10-29-2010, 7:33 AM
Hope it's not a dupe :-/

I'm not too familiar with the software "Firesheep" but apparently it's a simple tool to hack computers on the same network (from my understanding). Although we all understand the whole RKBA here, I was somewhat put off by the comparison. I'm not sure if the author has an anti-gun agenda and is expressing it satirically or genuinely believes that releasing public hacking software is a legitimate right...

http://venturebeat.com/2010/10/28/white-hat-or-black-hat-firefox-hacking-tool-firesheep-raises-ethical-concerns/

"In America there is a saying “guns don’t kill people.” Some wits add “people with guns kill people.” While this saying is just that, a saying, it does put a handy slogan on a view about moral responsibility. On the face of it, the sayings are dead on: while a gun can be used to kill a person, guns are not themselves moral agents. As such, a gun bears no moral responsibility for any deaths that it might be used to bring about."

“Firesheep doesn’t hack. People hack with Firesheep.”

Does the author give legitimate reasons for Firesheep? The fault in his logic, at least as I see it, is that firearms have MANY legitimate reasons. They are useful for self-defense, they are useful for hunting and are useful for sport shooting-among others.

I can't imagine a legitimate reason for "hacking software". If the use of a computer/software is legitimate, it is NOT hacking. Hacking specifically denotes illigitmate use.

An item that has no legitimate use faces questions about its mere existance.

exklusve
10-29-2010, 8:31 AM
I can't imagine a legitimate reason for "hacking software". If the use of a computer/software is legitimate, it is NOT hacking. Hacking specifically denotes illigitmate use.


Hacking does not mean illigitmate use. There is actually many meanings of this word, and about 99% time people use it in an incorrect context.
There are MANY legitimate reasons for 'hacking software'. I've worked in the IT field for over 10 years and many of these so-called 'hacking tools/software' can be very useful for many day to day IT operations. Many of these so-called hacking tools are tools used everyday by professionals in the IT security and penetration testing fields. Commerical, opensource, and home brewed tools are a must for more than one reason.

Some people call packet sniffers 'hacking tools' because they don't know any other use for them or anything about them.

Firesheep allows the average Joe to do things that has been done for years by people who know what they are doing.


Comparing firearms to software is a good analogy actually. Both can cause much harm, but it depends who is handling it and what their intensions are.

SupportGeek
10-29-2010, 8:40 AM
Does the author give legitimate reasons for Firesheep? The fault in his logic, at least as I see it, is that firearms have MANY legitimate reasons. They are useful for self-defense, they are useful for hunting and are useful for sport shooting-among others.

I can't imagine a legitimate reason for "hacking software". If the use of a computer/software is legitimate, it is NOT hacking. Hacking specifically denotes illegitimate use.

An item that has no legitimate use faces questions about its mere existence.

Anti's cant imagine a legitimate reason for guns too....
Way to borrow a page from their book :rolleyes:

There are many legit reasons for "hacking" software.
Many security specialists have software of exactly this type in their toolbox when they test how hard a network and all the nodes on it are, just like firing a gun at body armor to find out if it protects well or not.
"Hacking" software also often allows others in the security industry to understand new cracks and exploits to build defenses and detections against the new vulnerabilities.
Sometimes when a new vulnerability is discovered and reported to the manufacturer that produces the vulnerable product, yet they fail to act to close the hole, or even acknowledge the vulnerability so others can take action, a primitive version of the "hack/crack" may be released into the wild to force the manufacturer to correct the flaw asap, also to alert others that the problem exists and steps can be taken to close the hole by others even.

As in many things, it boils down to intent.
If you use a gun, or "hacking" software with intent to commit a crime that's bad, if you manufacture a gun or "hacking" software with intent for them to be used in illegal ways. thats also bad, and I think prosecutable in both cases.

Stonewalker
10-29-2010, 8:42 AM
Does the author give legitimate reasons for Firesheep? The fault in his logic, at least as I see it, is that firearms have MANY legitimate reasons. They are useful for self-defense, they are useful for hunting and are useful for sport shooting-among others.

I can't imagine a legitimate reason for "hacking software". If the use of a computer/software is legitimate, it is NOT hacking. Hacking specifically denotes illigitmate use.

An item that has no legitimate use faces questions about its mere existance.

Hacking actually does not denote illegitimate use. You can 'hack' a piece of software to do something it wasn't originally intended to do in the same way Datamancer over here (http://www.datamancer.net/blog/?p=127) 'hacked' a box magazine to fit his Mosin-Nagant.

Even this Firesheep extension solves some interesting problems that didn't necessarily need to be solved. Hacking is extremely important to software and network technology development. You can look at Firesheep this way:

It takes advantage of hosts connected to a publicly-shared wireless network. It is simply reading the traffic they are sending out, snagging the significant information and using it in clever ways. Is it Firesheep's fault these people are not using encrypted sessions? The are just letting that info blast away into open-air radio with no security. It sounds like the Government could even use this against people in a coffee shop without violating the 4th amendment because they have no expectation of privacy. After all, anybody with the right equipment can sniff radio, it's just out in the air. If you wanted to have a reasonable expectation of privacy (for 4th amendment purposes) then you could encrypt your browsing sessions at the very least.

Firesheep exposes some fundamental flaws in Web and Wireless technology. Again, this is important to the development of better tech.

I haven't read the article yet, but I hope he talks a bit about encryption technology. The US government treats cryptography technology above a certain threshhold of security as digital arms. It's illegal to export those technologies to other countries and you can be tried for capital "T" Treason.

Wherryj
10-29-2010, 8:59 AM
Perhaps people should have read the article. I wasn't referring to software mistakenly called "hacking tools", but about this article specifically.

An excerpt: "Was the release of the drop-dead easy hacking tool Firesheep, an extension for the Firefox browser that lets users hijack passwords from others on wireless networks"

Ok, who wants to jump in first and tell me how a Firefox plug in that steals passwords from other computers on a network has a legitimate use?

Stonewalker
10-29-2010, 9:10 AM
Perhaps people should have read the article. I wasn't referring to software mistakenly called "hacking tools", but about this article specifically.

An excerpt: "Was the release of the drop-dead easy hacking tool Firesheep, an extension for the Firefox browser that lets users hijack passwords from others on wireless networks"

Ok, who wants to jump in first and tell me how a Firefox plug in that steals passwords from other computers on a network has a legitimate use?

The specifics aren't important. It's fundamentals we are talking about here. Much in the same way I believe access to guns and presence of guns in the public eye are important to freedom and and our Constitution, hacking - however evil it might seem - is important to freedom in software development.

He even quotes the author of Firesheep in the article -
“The attack that Firesheep demonstrates is easy to do using tools that have been available for years. Criminals already knew this, and I reject the notion that something like Firesheep turns otherwise innocent people evil.”
Fundamentally speaking, he is talking about personal responsibility and freedom. It is actually very similar to our fight for RKBA.

He also points out the reason for creating Firesheep is to expose vulnerabilities in conventional wireless/web browsing technology -
Butler makes it clear that he sees himself as a white hat: he is hacking to expose vulnerabilities so that they will be fixed

You misread the article, Firesheep cannot be directly used to steal passwords. But everything I said still applies even if it could. Perhaps more so since the stakes would be higher. - Sorry, I misread your post. I think that little intro is incorrect though.

exklusve
10-29-2010, 9:21 AM
Ok, who wants to jump in first and tell me how a Firefox plug in that steals passwords from other computers on a network has a legitimate use?

This is like asking "Who wants to jump in first and tell me how a 30round drum on an automatic firewarm has a legitimate use?"


It all goes back to intent of use.
Just because you don't understand it, doesn't mean it doesn't have a purpose.

1JimMarch
10-29-2010, 9:23 AM
For the record, here's the deal with Firesheep:

There's been a long-standing problem with how browser connections on public WiFi hotspots work. A lot of websites that try to do "secure connections" (banks, etc.) have failed to address the problem.

Before Firesheep, the issue was known only to a few top security geek and too many computer criminals.

By releasing Firesheep, the authors of Firesheep have actually done a lot more good than harm.

The good:

* They've made it easy for anybody to demo (to their managers for example) that the problem is real. So for example, the web developers at Wells Fargo or the like can show their managers "yes, this is real and yes, we need to re-do our website's security even though it'll cost "x" dollars...".

* They've made it easy for geeks to show people that when you're on a public WiFi net or any other 'net where you don't trust the other users 100%, don't do anything with security implications.

* They've made it easy for me to write this post for example!

* They've ultimately made certain that this massive security hole will get patched much sooner rather than later and meanwhile made people a lot more aware of the hole.

The bad:

* There will be more criminals with evil intent using this hole, for the briefer period it's still open.

I believe the bad is going to be offset by the good - by a big margin. Without Firesheep, top-level cybercrooks who would do bigger ripoffs would exploit the vulnerability for a much longer period of years if not decades.

exklusve
10-29-2010, 9:40 AM
Perhaps people should have read the article. I wasn't referring to software mistakenly called "hacking tools", but about this article specifically.

An excerpt: "Was the release of the drop-dead easy hacking tool Firesheep, an extension for the Firefox browser that lets users hijack passwords from others on wireless networks"

Ok, who wants to jump in first and tell me how a Firefox plug in that steals passwords from other computers on a network has a legitimate use?


A better question would be why dont people, who use the internet on a daily basis for many things, spend a little time and learn enough about the basicis of keeping themselves, and their passwords secure? If this was the case, Firesheep would be a moot issue.
It's amazing how many people have open, unencrypted wireless networks setup at home, with their AP having the default passwords still.
There are TONS of people who will bootup their laptop, see an open network and connect to it to use the internet without thinking twice about visiting their banking site, email, etc.

So many people focus on what they can do to stay safe if a natural disaster hits or someone breaks into their house. But won't spend an afternoon reading to make sure they keep their identities, personal info, and financial info safe.

N6ATF
10-29-2010, 9:43 AM
http://www.zdnet.com/blog/networking/five-ways-to-shear-firesheep/283

VPN FTW

exklusve
10-29-2010, 9:44 AM
Yeah, and I suggest that the article author should also be culpable for hacking since he is getting paid to write about the tool, and should be fined a dollar every time someone uses Firesheep for any illicit purpose. Maybe then he would understand that what is 1A for him is 2A for us.

Do you also think that firearm manufactures should be fined when their firearms are used to commit a crime?

Do you see your flawed logic here?