Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of the "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties."
Since when are we putting hackers behind bars just for hacking? We put people in jail for breaking the law, and usually first-time convicted hackers just get probation. The only hackers we put in jail are repeat offenders or those whose crimes escalated into other higher crimes. If you root a bank's server and send $100 million to your Swiss bank account you're a bank robber, not a hacker. If you steal code, you're committing an act of industrial espionage, not hacking. I think a lot of people take the stance that if you commit a crime through a computer, it's just harmless hacking, and not worthy of jail time. Basically my point is there is a huge difference b/w DoSing some jerk on IRC and releasing the next big superworm that causes billions in damages and could possibly cost lives. They are NOT the same thing. One thing is "hacking" (Cracking! Damnit.) the other is just being a criminal.
Everyone is entitled to their own opinion. It's just that yours is stupid.
How does putting someone in jail for *committing* a crime violate MY civil liberties? Sure, I'm going to lock my doors, but that doesn't mean that anyone who breaks the lock should be let free.
-Brent
It's unclear whether your question is one of morality, or deterrence. I'll assume deterrence for the moment. A punishment is only a credible deterrent if it is actually likely that the criminal will get caught. The false-positive rate of the deterrence (innocent people punished, or merely innocent people spending weeks demonstrating their innocence in court) and the surveillance infrastructure needed to improve the accuracy of the punishment both reduce our freedom.
America imprisons a higher percentage of its population than China, Saudi Arabia or Syria.
One in four young black males in America has served time in prison.
Yet people still believe America has a "wussy" legal system and that imprisoning more people will help reduce crime.
This idea misunderstands things. It's widely and openly acknowledged that security can never be perfectly impenetrable. You therefore make security as best as you can, and make it illegal to breach security, and then punish breaches of security when you catch those responsible for them.
Where this all gets hazy and crazy is when people with wide-open systems can prosecute someone for "hacking" them when all they did was walk in through an open door. Open doors are good for public places; if you don't want your computer systems to be public, don't allow it. Put a lock on it. If someone breaks and enters, that's prosecutable. But that should be the line drawn.
What we need is for the law to say that an open door is good as an invitation, but that breaching a locked door with a sign on it that says Authorized Access and Use Only is a criminal offense -- the equivalent of trespassing, breaking and entering, robbery, or destruction of property, as is appropriate to what actually takes place.
You see? You see? Your stupid minds! Stupid! Stupid!
The problem is little fucknuts that think they have some god given right to violate my systems.
Amen. I'm in the middle of cleaning up a number of servers that got r00ted due to compromised user accounts. Could we have prevented this? Maybe. Does this excuse the hacker? No. I would castrate the little shit in a second if I had the opportunity. The fact that he's from some godforsaken third-world nation means we'll probably never find him, though.
I read an article the other day about some kid who'd cracked a bunch of boxes down the hall from me several years ago, and caused data loss. They'd finally caught up with him in Texas, and he got three years of jail (he's only 19). He's getting off light, but I do get a warm fuzzy feeling thinking about the shithead being attacked in the showers.
Clean needles for hackers??? (First, I'll assume you meant the unethical cracker type) That comparison would have us giving better tools to UCT hackers to attack systems and then allow some leeway for it to happen. Of course, in the case of the druggie, he's only "cracking" (pardon the pun) himself.
Is it a crime to break into systems unannounced? I'll accept that. Is it a crime to see an insecure system and notify the owner? No, but then there's the paradox - defining "breaking in" and "noticing insecurity" to be mutually exclusive.
Yes, if you leave your front door unlocked, the thief still committed the crime of theft. But your own stupidity made it easy for him.
Now having your neighbor arrested for saying "Dude, I saw your door open while you were out. Better close it before something bad happens" is idiotic at the least.
Give the masses safer programming languages and/or execution environments. Make them open so that they can be suited to the needs of the many. But if arrogance on the installer's part ("I'll never get hacked with this in place", "This feature is dumb so let's comment it out", "here's my own great new feature") allows the network/system/application to be hacked...well, stupidity isn't illegal.
Force these decisions on anyone? No way. If you do, you're no better than the liberty-hating terrorists everyone's been complaining about lately...
We all agree that robbing a bank is a serious crime (... I hope). If a bank is robbed, we blame the robber 100%.
So how would you feel if the bank kept all your money in a paper bag on a shelf behind the teller, where any 8-year-old standing on a chair could get at it? Would you still blame the robber 100% if your money was stolen? Or would you at least partially blame the bank for not providing enough security?
Bank robbery is a crime, but we still expect the banks to have effective security and protection of our money. Servers and software must also provide reasonable protection against hacking.