注册
登录
| 关键词: criminal 黑客 如果 犯罪 hackers you 安全 刑事 security they |
1995年,我参加了一场杰出的由安全专家罗伯特D斯蒂尔为代表的开放源码的情报积极倡导者辩论大会,讨论了雇用黑客犯罪的可取性。也许读者会奇怪为啥我直到今天失去利益才提起。我相信这只会引起社会的刑事黑客尖刻的评论。 今天我们要反驳的观点是,“黑客犯罪是一种国家资源,应以国家和企业安全的宝贵贡献耕地。” 我是完全反对这种主张的。 不,不能犒赏这种社会犯罪行为!刑事黑客 -那些企图打破进入计算机系统内和擅自入侵网络触碰法律底线的人群,为了某些目的窃取电信公司服务-绝不能为他们的这种行为颁发奖励。 如果当你需要评估你的家庭安全风险时,你会雇用:一名自称是是防盗者的小偷,还是一个没有犯罪倾向的保税安全专家呢?与雇用黑客犯罪的根本问题一样,他们完全缺乏可信度。刑事黑客相信撒谎,由于他们的业余爱好的基石是欺骗,他们谎称自己的安全系统和人类可以欺骗泄露保密的资料。他们的信条是偏见,视频游戏的谬论:如果有可能做一些事情,它必须是正确的。道德存在,他们只是技术上的障碍:如果您觉得有什么不对,就不能完成。 所以,如果你雇用一名黑客犯罪审查系统的安全,您将让他(通常是他)签署一份保密协议。Riiiight。 刑事黑客认为,除非你可以强制规定,但没有义务遵守协议和规则。我见过谁黑客声称,如果他们能闯入您的计算机系统,这是你的错,他们打破了你的努力,保护了自己。同样的心态是在每一个犯罪行为的基础上:阻止我,如果你能。这是一些没有对社会其他方面负责任的人。他们生活在一种亚文化,其中有不诚实的行为规范,在社会的其余部分作为一个跛脚脑抽搐一群人,不知道保护自己。那么是什么使你认为他们会改变?如果你向他们攻击的话,为什么他们会诚实地处理你当诚实对外来他们对世界的看法?您可能也不能拯救频繁使用酒精或药物来精神寄托的用户。若把刑事黑客达到机密信息,就像把一个恋童癖看到了孩子。 接下来的问题是,什么人已被当做反犯罪专家,黑客的社会里是受讹诈。在没有人聘用定罪,要求他们工作的罪犯,其中一个原因,由他们的雇主是罪犯保税做了坏事-和公共记录不一定全部。妥协与污染背景的人,敌人可以发掘一些污物和威胁要揭露它。鉴于犯罪黑客道德上的软弱性,很难想象他们会顶住压力,很好。同样的问题会产生,如果你是要聘请吸毒者和毒贩向工作在反毒品行动,或如果您让偷车贼停止偷车,或者如果您聘请贪污犯写你的会计代码。这都是没有意义的。(tyrael) 以下为原文: We discussed the advisability of hiring criminal hackers. Perhaps readers will find the polemic I published back then of interest today. I'm sure it will provoke vitriolic comments from the criminal hacker community. Our debate today concerns the proposition that criminal hackers are a national resource and should be cultivated as valuable contributors to national and corporate security. I utterly reject this proposition. No, society must not reward criminal behavior. Criminal hackers — those who break the law by intruding into computer systems and networks without authorization and those who steal services from telecommunications companies — must not be rewarded for their criminality. If you needed to evaluate the security of your home, which would you hire: a burglar who claimed to be an ex-burglar or a bonded security specialist with no criminal tendencies. The fundamental problem with hiring criminal hackers is their complete lack of credibility. Criminal hackers believe in lying and cheating as a bedrock of their hobby; they misrepresent themselves to the security system and to the human beings they can trick into revealing privileged information. Their credo is tainted by the video-game fallacy: if it is possible to do something, it must be right. Morality exists for them only as a technical constraint: if you think something is wrong, make it impossible to accomplish. So if you hire a criminal hacker to review your system security, you will make him (usually him) sign a non-disclosure agreement. Riiiight. Criminal hackers believe that unless you can force compliance, there is no obligation to comply with agreements and rules. I have met hackers who claim that if they can break into your computer system, it's your fault they broke in — regardless of your efforts to protect yourself. The same mentality is at the basis of every criminal act: stop me if you can. These are people with no connection to the rest of society. They live in a subculture where dishonesty is the norm, where the rest of society is seen as a bunch of lame-brain jerks who don't know enough to protect ourselves. So what makes you think they will change? If you pay them to hack, why would they deal honestly with you when honesty is foreign to their view of the world? You may as well trust an unrecovered alcoholic or an active drug user. Putting confidential information within reach of the criminal hacker is like putting children within sight of a pedophile. The next problem is that anyone who has been as anti-social as an expert criminal hacker is subject to blackmail. One of the reasons no one hires convicted felons for work requiring them to be bonded by their employer is that criminals have done bad things — and not necessarily all of it in the public record. To compromise a person with a tainted background, an enemy can dig up some dirt and threaten to reveal it. Given the moral flabbiness of criminal hackers, it's hard to imagine they'd resist pressure very well. The same problem would arise if you were to hire drug addicts and pushers to work in anti-drug operations; or if you used car thieves to stop car theft; or if you hired embezzlers to write your accounting code. It just doesn't make sense. |
|
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系
[邮箱地址] 删除
|
