undefined | Better HN

0 pointswedn3sday2y ago0 comments

(a) all hacking is unethical? (b) the database was running in the cloud, not on any computer they controlled. (c) everyone's an asshole here

0 comments

some_furry2y ago

> all hacking is unethical?

No, that's not what tptacek said.

"Ethical hacking" is from the same vein as "responsible disclosure". These are weasel words that are used to demean security researchers who don't kiss the vendors' ass.

As a security researcher, my ethical obligation is not to the vendors of the software. It's to the users.

Ethically speaking, I don't care if my research makes the vendor look bad, hurts their sales, makes their PR team sad, etc. I similarly don't care if my research makes the vendor look good.

Are the users better protected by my research? If yes, ethical. If not, unethical.

Terms like "ethical hacking" are used to stilt the conversation in the favor of vendors.

> the database was running in the cloud, not on any computer they controlled.

If it's running in the Cloud, but in your Cloud account, it's morally equivalent to running on Your Machine. I'm not sure how the law will interpret anything, but given a compelling counter-argument, I don't imagine lawyers will argue differently.

> everyone's an asshole here

Yeah.

j / k navigate · click thread line to collapse