Slashdot Mirror
What Do You Think of Online Vigilantes?
gwoodrow asks: "I'm a member of the (primarily) Mac community Spymac. I originally joined for the 1 gb of email, but eventually found myself joining in on discussions in the forum. Today, I received an email from a supposedly anonymous Spymac member ("supposedly" because the smart guy didn't mask his IP). Basically, it said that he or she had harvested 10,000 member screen names/email addresses from Spymac's pages and that this, paired with the ability to view individual member's profiles, created a major problem because of the extent of information so readily available. The email this person sent out and the forum discussion that follow are available here. All cracks and personal opinion about Spymac aside, what do Slashdot members think of online 'vigilante' justice?"
"Some viruses are released with little notes within that say things like - 'this is why you need to do X or Y to fix your software' Some hackers have also gained infamy by hacking a major system allegedly to help. Do you support such actions and why? Are virus/trojan writers, hackers, and spammers doing a noble deed or going about things in the wrong way? If you don't agree generally, are there exceptions when online vigilantes are fully in the right? Is the accessibility of vulnerabilities a good excuse to partake in such actions, or should there be ethical bounds regardless?"
Please don't hack my computer at 127.0.0.1. Thanks!
Report it to the authorities. Alternately, post the info here on /. and then don't worry about it. Somebody will do something, and it won't be you.
Lasers Controlled Games!
no problem. They help by pointing out vulnerabilities as long as they don't actually exploit them to do harm to whoever.
wannabe mafiosos always click this link
your friendly neighborhood Spider-Mac!
"Dave, I stand still--the conclusions jump to me!" - Bill McNeal, NewsRadio
My take is that vigilantes should not do any damage. Poking around a system, finding a vulnerability and then reporting it to the responsible party (not immediately to the public) is ok in my book. Instead of mailbombing your enemy, use social tactics to discount/disprove your enemy's arguments. Oh, and first post! :)
to show you how much you need a deadbolt.
yeah, no, that sounds like a bad idea.
This is like me punching someone in the nose and saying "Why didn't you take karate lessons, for crying out loud? It's your own fault it's so easy for me to punch you. You should consider this assault a personal favor."
Am I part of the core demographic for Swedish Fish?
Until you take anonymous proxy servers into consideration. ...then it all just goes to hell.
Why is it people expect to be anonymous online still? If you want to interact with people and have them know your name, birthday, address, etc then that's up to you. However no one is stopping you from using a fake last name/address/bday and still interacting on the same level. Why is it people put personal data in obvious places, and then get mad when someone shows how easy it is to discover that data.
Discovering weaknesses is good. Exposing them publicly without giving the vulnerable company time to fix them is bad.
You could easily do the same with Yahoo usernames (example, insert @yahoo.com after every username) and profiles or any other system based on the same scheme. Not impressive, since it is just collecting freely available information. It does raise a good point, barely, that people should be more aware of what they release in terms of information. As even want-to-be script kiddes like this individual can see.
My opinion has always been that if you stumble across somthing, then you should absolutely tell those that need to know, and NOT the general public (at the very least, not until those responsible have had a reasonable chance to repair whatever the problem was). However, purposely breaking in to private servers to show how much they need to beef up security (or similar such actions) is tantamount to breaking in to someone's home to show how bad their door locks are; it's breaking and entering, and it's a crime. If you want to do penetration testing, you really need to get permission from the owner before they start tearing in to their system.
NO - that's not ok. How is the victim (i.e. the one 'visited' by the vigilante) to know that the vigilante just poked around and didn't leave any nasty things behind? Who's to say it actually was a vigilante and not, say, a competitor faking to be one? General security best practices say: if a system is compromised, rebuild. Rebuilding systems cost time. Time is money. Vigilante actions result in monetary damage. It's not ok.
Because it seems like you don't. A vigilante is someone who tries to bring people to justice by working outside of the law. The key here is that they are doing something which they belive is moraly right.
From your description, it sounds like someone just... grabbed some published information and started threatening people with it. There's no indication in your writeup that this person was even trying to do something 'good'.
autopr0n is like, down and stuff.
That's no vigilante. What he/she does with this information could make them a vigilante. Generally the definition of vigilante requires that some crime be committed, and that the labelled punish it. Right now, this user looks to be just a responsible member of the community.
Reading further, I guess this email is annoying, but not really illegal. I wouldn't say that the definition of vigilante is (yet) warranted from anyone's actions so far.
funny munging
Although I tend to side with the vigilantes on most occasions, I believe actions like these should be judged on a case by case basis. The actions should be genuinely taken in good will and not for any form of personal profit. They should only be resorted to after reasonable attempts to spread the information through proper methods and channels, much like the issue of full disclose of potentially dangerous bugs and exploits.
How the fuck is this being a "vigilante"? Vigilantes run around beating up bad guys, often because of some tragic personal history. They work a bit outside the law themselves, but generally do not wish to harm innocents, only bad guys. Think "Batman" and you've got it.
This is just a guy who found a hole of sorts and decided to report it in a kind of stupid but not terribly harmful way. A mildly incompetent "white hat" hacker, perhaps, but no vigilante: he's not running around from website to website trying to "hack bad guys" or some bullshit like that.
In todays cyber culture, there are a variety of ways to look at so called vigilant justice. No one, and I do mean no one, would like there systems security to be comprimised, especially if it holds data that can be deemed confidential. On the other hand, it seems cruel to impose jail sentances on people like the recent example of Adrian Lamos. All these people are trying to do is make our confidential material safer. This brings up the White Hat/Black Hat debate. No matter what side of the line you sit on, you should be able to see the other sides points. I have personally sat on both sides of the debate, argueing in favor and against the hacker community. The problem that occurs is that there is no real awnser to the problem, and the laws are so weak and open to debate that it is pointless to look for a specific precedant. In conclusion, we as humans tend to point fingers like two year olds, and like we were then, the problems are usually unsolved. Just be careful, most of us have watched technology evolve, and we know how fragile it can be.
anyone who uses p2p apps should join up. they request that you only report websites and stuff, but ips and timestamps are probably fine. all the reports are forwarded to the appropriate law enforcement agency.
Problem is, without downloading it, how do you tell what's child porn? Don't tell me you can tell by the filename, because you can't. There are people out there who label ordinary stuff as child porn. I don't know why, maybe because that makes more people download it (??).
And if I had downloaded some, I'd delete it quick and not tell anyone, just in case. Call me paranoid, but too many people have got themselves in trouble by trying to help out lately.
Considering the lack of speed and sometimes lack of ability when it comes to investigating cyber crimes, on line vigilante's may be the only option. This type of behavior does 2 things.
1. It provides some deterrant
2. It forces law enforcement to step up to the plate.
Example? There is an on line porn site that has pictures of a girl, about the ago of ten having hard core sex with an adult. I found out because a domain I admin with a catch all e-mail was recieving bounces from this sites spam. I reported it. Nothing happened for a few days so I traced the actual source of the pictures to a freeserver. The pictures were removed in minutes, I continued to follow the sites from free server to free server until it stopped working (I haven't checked in a while).
I made that persons life more difficult and hopefully caused him to leave more "trails". Each free server admin I talked to said that they would save any logs that they had. Now why couldn't the police do what I did for the 2 weeks or so?
cluge
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Maybe I'll misbehave a little to get some "punishment" ;-)
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
Isn't being slashdotted a form of vigilante justice?
+++ATHZ 99:5:80
That is a hacker, and they are putting their skills to use in the wrong way.
A vigilante is someone who rights wrongs without authorization from the law. That would be like someone who breaks into the spammer's computer and rewrites their BIOS with the contents of their spam or something.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If a vigilante gets in, whats to say that someone more malicious hasn't? If anything it saves the expense of not losing data or being charged when the system is compromised by a more malicious attacker. Yes you must rebuild the sytem, but considering that the "attacker" told you the system was compromised, its not as critical a situation as one where you suddenly discover the host is compromised and must be taken down immeaditly.
That's the point of the vigilante--if he or she can get in, that means someone else could have ALREADY gotten in and left things in there. If the vigilante can get in, then you already have to rebuild--it's just a question of whether you KNOW whether you have to rebuild. No point in killing the messenger.
Ebay has a problem with fraud. Especially in electronics/computer auctions. They do, in fairness to them, attempt to monitor and control fraudulent auctions, but clearly they are losing the battle. There has been an individual lately trying to sell the new Motorola V710 on eBay. (It's is as yet unreleased.) A number of people have determined that beyond using the regular channels, such as registering a complaint with eBay, they (or one person in particular) need to take more aggresive action and have managed to "guess" the password to the AOL account that the auctioner is requesting correspondance to. He made it clear a couple of times that he "guessed" the password, but didn't "hack" the account. Despite what I may think about auction scammers, taking the law into your own hands is foolish. You are opening yourself to civil and possibly criminal liability. Is it worth it? Doubtful. In today's paranoid security landscape, regardless of your intent, you could easily wind up being the scapegoat. Last I checked, any attempt to access a service which you are not licensed to use is a crime. ie, You can "scan" whatever you want, but as soon as you connect... BLAMO! Off to the slammer you go!!! A word to the wise.
It is very good to be looking out for gaping security hole. Pointing them out to the owners of the site is a very good thing to do. Broadcasting them to the world is not. If you find something thats really bad, email it to the owners of the site or post it using the sensitive issues procedures. We all would hate t oget blasted with spam or hacked because some evil person heard about a gaping security hole.
But, as soon as a fix is available, all the users of the site should know about the hole and what to do about it.
PS: I think that this may be a little (very) redundant.
Back in The Old West, when the law was too week or two thinly spread out to control outlaws and bandits, various towns set up secret societies known as "Vigilance Committees." They took the law into their own hands, arrested felons and, when they had to, they executed them. Their members were known as vigilantes, and that's where the term came from. Today, mailbombing or otherwise DOSing spammers is a form of vigilante activity. Finding the electronic equiviant of a broken lock on a door and shouting out to the world, "Here's where you can get in for free!" is just plain stupid.
Good, inexpensive web hosting
Vigilance, watching for problems that affect our community, and then telling the community about noticed problems is what is known as "civic duty". Using authorized access to community resources, then notifying the community that such access creates risks greater than they accepted, or expected, is a community service. Especially when that access, authorized by the community itself (eg. via a webserver), has subtler implications than are discernable to most members of the community (eg. non-techs). If we see something going wrong, it's our responsibility to tell people about it. That makes everyone safer.
Vigilantes do more than just find problems. They act on their information, using their judgement to change the problem, supposedly into a solution. But justice is a specialized process, like science. When unqualified people engage in risky acts with dangerous consequences, they expose the rest of the community to unacceptable danger. Looking for problems, and telling us about them, protects us. Acting on one's own, especially without telling the rest of us, creates risks as severe as, or worse than, the "problem" being "solved".
Eternal vigilance is no vice.
(with no apologies to Barry Goldwater)
--
make install -not war
While stopping child porn is a 'noble cause', how far do you take this? Do you report everyone that you see anywhere that does anything you don't approve of, today?
..
Do you go out LOOKING for violations of your morals so you can feel good about turning them in?
Hate to tell you but you also do things that others disapprove of, and are illegal somewhere.. Do you want to be next?
Unless you directly are confronted with a violation of the law, in your face, I say keep your nose out of others business.. Lest it be cut off your face
"but its for the children' , ya right.. you just want to be nosy and cant mind your own business. You get what you deserve...
---- Booth was a patriot ----
The guy that found this did everyone a big favour and ought to be congratulated, but sadly the spammers will be doing the same.
is SO not cat woman.
it'snot going to be a cat women movie, it's going to ba a crappy actreee posing in an awfull looking cat suit movie.
If I just want to see hot looking babes in latex, I'd go to google.
The Kruger Dunning explains most post on
Generally speaking, if there's not an overt threat of violence or massive infrastructure damage, and no money is stolen, you just can't get anyone in law enforcement to listen. This is why I don't have a huge problem with SYN flooding someone who's mailbombing your server until the mailbombing stops. That's just self-defense. If you keep SYN flooding after the mailbombing stops, then you're just attacking an arbitrary IP address that could now belong to someone else, or could have belonged to a (now fixed) zombie, or whatever else. That's reckless.
Law enforcement is trying to get a better handle on internet fraud, but there's so much of it going on and they have so few resources to attack it that vigilante efforts to stop or mitigate the attacks are about our only options in many cases.
If I shoot a gun at a guy who's robbing a bank at gunpoint, I'm probably okay with the law. If I pull out my gun, close my eyes, wave it around, and pull the trigger several times at random, I'm not okay with the law.
If I get a guy in a headlock to break up a fight, I'm probably okay with the law. If he walks away from the fight and I put him in a headlock then, I'm not okay with the law.
You're generally allowed to do things to people you wouldn't otherwise be allowed to do if they weren't committing a crime, but you have to be certain that you're not doing these things to innocent people as well. The internet makes that quite difficult at times. You also have to restrain your response to be proportional to what you're trying to prevent. "Imperfect self-defense" can often get murder reduced to manslaughter, but you still do time for it.
WARNING: there is a trojan on your
Just what private information did this person discover? he got information from a bunch of public profiles, how is that a threat to privacy? I don't really under the gravity of this at all, if you're stupid enough to put your home phone number, or address in the the eyes of the public it's your own damn fault... Btw, why can't you do the same thing with yahoo? i mean, how many @yahoo addys start with hornychick####? or 2hot4u16 through 2hot4u82... maybe somebody can explain to me why this is worthy of my brain power?
I have always had my suspicions about SpyMac. It's just too much eyecandy to be perfect.
Compare SpyMac: It's like the shiniest used car in the used car parking lot - you know the one that's usually a lemon!
Am I reading the parent right? Someone harvested SpyMac email accounts?
I've done a few editorial articles on my website about this very thing. One on SpyMac problems and prediction that this kind of thing would happen and then another on how the SpyMac Community really latched on to a recent vigilante justice story concerning a PowerBook.
You've Not Mail
AND
Scamming Scammers & The Scheming Scammers Who Scam Them Back
Not tooting my own horn, but these articles give a clearerer picture of SpyMac and the problems it poses.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
First, I agree with you, if you mean that it's better to hear the news from a typical vigilante that to only find out when your most sensitive information appears in the hands of a competitor or plastered all over the net.
Second, that's part of a larger picture. If you get hacked by a script kiddee, and he only appears to get to your web server, the same questions apply. Are you lucky to get the wake up call from a mere website defacement insead of finding a trojan that's been sitting for months in accounts recievable? Possibly, but how do you know the intruder only got in as far as it first appears, and how do you know no one else better than him hasn't done more? I'ts all a spectrum, from a vigilante who really didn't screw up anything, to one who accidentally did some damage, to a web site defacement that's easy to fix and relatively harmless, to harvesting personnel information for head hunters, to harvesting customer information for spam lists, to the most serious crimes that can cost a company millions.
Anybody who falls victim to one of the less serious sorts can breathe a sigh of relief that it wasn't one of the worse ones, and for their blood pressure's sake they probably should, but they still need to think about what it implies about their chances the next time will be successful, and for worse consequences.
Who is John Cabal?
Now, on to my answers on the vigilante question:
The bottom line is it's a case by case basis.
If illegal activity is going on and it's a law that's usually enforced like KP or cyber-blackmail, a virus-writing IRC channel, or what-not, alert the authorities. If the authorities don't take action, write your lawmakers and cc the press.
If there are organizations that work to derail that type of crime, such as Symantec for viruses, alert them also.
As far as taking direct action against the lawbreakers:
Don't break the law to do it. Don't hack or DDOS their machines. DO report them to their ISPs to get them TOSsed off the net, DO alert the media if the situation warrants it. Do NOT tell people you KNOW are LIKELY to "take the law into their own hands" about it, as that makes you an accomplice, in the moral sense if not in the legal one.
But what if the person is just annoying and not breaking any laws? For example, trolls who post 100 flames a day to a particular newsgroup?
If you can, just ignore him - that's what killfiles are for.
If that doesn't work, try to isolate yourself from him and alert others they should do the same.
If that fails, try slapping him around a little, but don't become annoying yourself:
If he's breaking his ISP contract, alert them. If he's doing it during work hours from his work computer, alert them.
If he's doing it from home though, don't bother his employer, they don't own his free time, and if they do take action against him, you could be on the wrong end of a lawsuit, sigh.
The bottom line:
Pick your battles, and be an adult about it. Get thicker skin if you need to. This is the Internet, it's not a place for 5 year old whiney kids who cry foul every time they get a "buy or product" solicitation in their email (even though we have EVERY RIGHT to cry foul :) ).
URL of the day: https://tips.fbi.gov
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Vigilantes are common where there is no effective law enforcement. This is not just on the web. In real-life, if there is no effective police force, people will grab a gun and use it to defend their home, work and friends and damn the law. People obey the law when they think it protects them and is fair. This is known as true anarchy. You could see this happening in the post-war looting in Iraq (and still today) where you had surgeons in hospitals wearing scrubs and totting guns. But it is generally true of any society. In crime-ridden areas where there is little effective law enforcement, people form gangs that enforce their own law outside of the proper legal system. People seek protection and order and if the law does not give this to them then they will take matters into their own hands. Hence vigilante actions on the web such as hunting people down are going to continue as long as there is no effective legal recourse that is easily and quickly available to everyone (such as dialing the police).
OTOH "vigilante" actions like writing viruses are a different matter. It's akin to street protests or graffitting public places with slogans. The first type of vigilante action is a matter of personal protection. The second type is to do with making a statement. Perhaps we should use as a yardstick the comfort level we have with street protests? When does a protest or making a statement go too far?
Didn't Pete Townsend ( The Who) get into a certain amount of trouble when his curiosity got the better of him? Vigilantism can result in unpleasant legal complications for the vigilante.
The internet is not centralized; there is no one central authority. It is like the Wild West. Good citizens keep to themselves and operate under common decency and common sense. But there are always some malcontents (spammers, virus creators etc) that feel they can do whatever they feel to whoever they want with small fear of retribution.
Some governments are just now awakening to the threats of these malcontents, and have passed laws against them. Of course, these laws are next to useless, because the net transcends international geopolitical boundaries.
So what is a decent net citizen to do? Nothing? Scream and cry until the lawmakers listen?
Until there is a real sheriff on the net, vigilante groups may be the only answer. Small groups of net-aware individuals who can root out the bad guys and administer some well-deserved justice. Some may call them net terrorists, but if they leave the good people alone, I would call them patriots.
Will the law go after these patriots? The law may turn a blind eye if these groups keep the peace. Besides, what can the law do to the net patriots that are trying to make things better when they can't even go after the malcontents?
I'm all for vigilantes, until we get a real sheriff in town.
My problem with these online vigilanties is that they would rather inform the public of these huge flaws then report them directly to the developers who can fix the bugs and save alot of people from trouble.
I understand that some do. Infact one of them works for me now. He reported a huge security hole in my program and I was able to fix it. Of course he had to first exploit it fully and then steal my script from my site... but after I tracked him down we became friends and I have learned so much about security.
If the developers don't want to listen then fine... Let the public know. But please contact the devs first. We care about our customers, and don't mean for our product to be flawed.
From what I hear, that person just took names from the forums and added @spymac.net. As noted by other people, you could do the same with Yahoo accounts. And, just like Yahoo, you could choose not to use the email, nor to enter any implicating information.
It doesn't really sound like vigilatism. I'd classify that message as spam, actually. It tells what should be obvious. At worst, it's awfully neglectful of the Spymac operators not to have a large privacy policy that explains such things. Sending email to everybody in the forums isn't a solution, and is likely to cause more confusion.
One serious objection that I have to Spymac, which can be checked out, is that it doesn't use SSL. Even for the paid webhosting and webmail. And all of the services are prone to failing without warning; it's been 7 months or so since the new services came out, and I'm still hearing complaints about their reliability.
Have a nice time.
and finding it unlocked. Leaving the door unlocked is a bad thing. It is an even worse thing to leave a door open when the things that could get stolen belong to other people.
That's the point of the vigilante--if he or she can get in, that means someone else could have ALREADY gotten in and left things in there. If the vigilante can get in, then you already have to rebuild--it's just a question of whether you KNOW whether you have to rebuild. No point in killing the messenger.
Well, except vigilantes are self-appointed messengers. It's not their duty to be poking into other peoples' system. That's the responsibility of law enforcement and only within certain boundaries.
many times, the punishments do not fit the crime. It would be like sentencing someone to life for just breaking a door to someone else's house.
// file: mice.h
#include "frickin_lasers.h"
19 pages in that thread and nobody has come up with the obvious solution.
In a forum the size of spymac, members viewing this thread/online is useless - needle in a haystack style.
To get a gauge of popularity, why not have "number of members viewing this page" rather than the whole list?
If users want to know when their friends are online, then they could implement a vBulletin style "buddy list" in the member's control panel.
Gamers Europe - Gaming News. Reviews.
If you step in the ring, you have no right to cry when you get punched. You may think you're doing some fair and noble deed when you, say, grab the IP out of some trolls email post, paste it into your web browser and use the default login credentials to turn off their SOHO router. But what happens if everybody does this sort of thing? What happens when you annoy somebody and they do this to you?
The network and the online society becomes less valuable and beneficial when people start throwing rocks at passersby. It's like that good mall that turned into the thug mall. Is that really the environment you want to promote? Do you want to drop your kid off in the gangsta food court to buy a spiked orange julius or a digital crack smoothie?
There are legal, civilized tools at our disposal to deal with these situations. Use your imagination to pick the best one. Society would be better served and preserved if you chose them.
And BTW, there is a GREAT book about vigilante justice called "Watchmen". It's one of the best comics ever.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
I just did a tracert 127.0.0.1 and the time was 1ms, you must be very close to my internet connection.
You sure are a talkative corpse.
Have you ever heard of the government doing that? They may investigate breakins that admins report, but they don't seem to do anything to confirm the security of the user's data that admins are trusted with.
No one likes a gadfly--but that's just how life works. Customers have a right to know if admins refuse to run secure systems.
Spymac is great. Nevermind the 1 GB email, the ftp space is very generous too. So along comes an article on Slashdot disparaging security while asking a disingenuous question about ethics. Oh man, this is not a public interest issue. It is trivial to retrieve every AOL profile, for example, just by dictionary guessing of screen names, so how is Spymac any less vigilant against attack, whether vigilante or otherwise?
It is so hard to get a submission accepted by Slashdot, one would think the standards were very very high. Apparently, it is a lot easier if one asks a polarizing question on a topic vaguely connected to OS choice and one that inflames debate.
The same can be done with services like AOL. Just go into a few chatrooms. Copy the list of users in the room, then add @aol.com and viola you have a list of thousands of people. This is old news, very old. Furthermore, public profiles can be added to the database as well from services like AOL. This is not a bug, it's not a blanted security hole, it's simply a person trying to think he is crafty. If the information is publicly available then it can be obtained a variety of ways and very easily. If it is private and can be obtained by means of exploiting the system then it is a security hole.
-illumina+us "I put on my robe and wizard hat..."
Should there be a police organization specifically for the net which might have the authority to hack someone's machine if they are breaking the law with it?
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
It's Vigilante,
It mentions black hats,
Mentions old school technology,
It comes from a comic book,
and it's a pun!
It's not off topic. Funny? maybe, Irrelevant? yes, but not off topic.
The Kruger Dunning explains most post on
excuse me, but I always thought a vigilante was someone who performed duties of the court (investigation, apprehension, judgement, and/or punishment) without court authorization. e.g. roundin' up a posse an' lynchin' ol' Black Bart for horse theivin'. That was back in the days before words were allowed to end in 'g' or 'd'
What does vigilantism mean in an online context? 1) spying out the home address of some spammer outside detroit and then publishing it? 2) white-hat breaking-and-entering of security systems? 3) publication of embarassing facts about the in-security of systems? Probably so.
All of these actions seem rude (if not illegal). However they do benefit the public. That doesn't make it right, but it does make it hard to publicly condemn. I think what we term "vigilantism" is a response to some social problem after the institutions that SHOULD have solved it prove ineffectual. The argument is whether this ad hoc cure is worse than the disease. It certainly constitutes a strong signal to duly authorized institutions to get off their dead butts and get their acts together.
There are other means besides vigilantism to respond to broken systems. If one mail system doesn't take my privacy concerns seriously enough, switch to another. That's why monopolies are bad (warning: mod this post down to troll b/c i'm to the right of Mao Tse Tung) denying us a choice to an alternate system. e.g. Black Bart steals too many horses, vote out Judge Ito for hangin' Judge Roy Bean.
I don't OWE it to any company to fix their problems or even provide feedback telling them they've got a problem. As a courtesy I may inform someone in charge, but I won't bother much about it. Because they're getting the info for free, they may ascribe just about that much value to it. If I embarass them with a vigilante stunt, yeah, that'll help my karma, win friends and influence people, sure.
I suppose the righteous response is to gently inform whoever's in charge. If that doesn't work, the rational response, when tempted to perform some vigilante act, is to look around for how to benefit from the institution's demonstrable incompetence. e.g. starting/backing a competitor.
Doing what was described here is not being a "vigilante"--A vigilante is a private citizen (lacking official authorization--not a police officer or other governmental authority) who catches and/or punishes criminals for crimes outside of the established legal system. What this guy did was identify a security weakness and used it to make a point about it. That sounds either like civil disobedience, a technical infraction done to prove a point more than to cause actual damage or harm, or being a "good samaritan" in that he identified a problem and offers to help solve it even though he has no obligation to do so. Since (at this point) no law has been broken, there is nobody to catch, and no opportunity for a "vigilante" to act. If someone bad did get the list of members and sold it to a spammer, and I found out who did it and gave him a black eye in retribution, i'd be the vigilante.
I wondered if the '/.-effect' would be a legal form of DDOS -- especially if it was directed at sites using spam as advertising...
t -- maybe they would think twice about putting their web site in all those e-mails...
It would seem that posting the web address of a spam-ad-linked-site and letting the feeding frenzy begin would be a novel way of sticking it to the online pharmacies/annoying-purveyors-of-crap-I-don't-wan
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
spammers and spyware makers only!
Since you cant presume them innocent and find anyone gulty, we must assume them guilty and bring out the tar and feathers.....
- 1 'offtopic'? or -1 'too close to home'?
What a stupid thing to wast mod point on.
I poed funn at an industry I'm in, used a comic theme, made a monty python reference, and referenced a previous slashdot story.
Thats not -1 'off topic'! it;s +1 'sheer Genius'!
In my day, people on slashdot had a sense of humor.
The Kruger Dunning explains most post on
There is a point where it becomes invasion, and I guarantee that if someone was nosing around my personal life in order to try to get me busted, they would get more then they bargained for..
Not saying that we ignore our neighbors wife being beaten by the guy who broke into their house, but there is a line, and I think what was being discussed earlier on crossed that line...
---- Booth was a patriot ----
Honeypot operators watch for abuse rather than simply secure against it. They can take some actions (perfectly legal and legitimate) against the abusers (mostly spammers) they find, they can initiate actions against the abusers.
It continually amazes me that so many people are highly irate about net abuse and yet do so little to stop it when they could. Honeypot evidence could be used to convince ISPs that there's plenty they could be doing, too, without violating any laws and without violating any of their own restrictions.
Spam is abuse that goes through other systems (for the most part.) Just about every system with a permanent connection is a candidate "other system" for the spammers. The vigilante who operates a honeypot watches for that abuse and works to thwart it (if nothing else, captured spam stops dead at the honeypot. That in itself is good. Get enough doing it and the ones who pay to have their product or service spammed could be told that a large number of the spam messages never got delivered. The idea of that is to get them demanding a refund from the spammer. The idea behind not telling them the number is to make the negotiation between spammer and customer more difficult, more heated.
I watch a honeypot. It traps some oriental spam (from/to oriental email addresses), some US open relay tests. Even today there are spammers doing open relay abuse. You can learn a lot about the abuse using a simple trap. Knowing more about the abuse gives you greater power against the abuse.
Linux operators, in particular, can run open proxy honeypots ( "in particular" because a free download to do just that already exists.) There's probably much more open proxy abuse these days than open relay abuse. Create enough irritant sites (honeypots) and the spammers will be greatly inconvenienced.
If you've ever had a system abused by spammers to relay spam there may be no greater feeling of satisfaction than watching more spam come in and knowing that it stops dead with your system. The more the spammer gloats (you don't get to see it but you can assume it) that he's found a superb abusable system the more you gloat that he is wasting all the effort and bandwidth he's using to send the spam through your honeypot.
It doesn't hurt to run the honeypot like you're a greenhorn, either. Let the spammer think he's found a big fool. The more like a big fool you look to him the longer he'll actually be a big fool. Simulate a clogged system, simulate crashes, go offline for hours (or simply change IP address - that's offline as far as the IP address you were using is concerned.) how you do it and what you do aren't that important - the important thing is to create noise so that the spammer has a far more difficult time telling abusable systems from secure ones. If you could do anything about the abusable systems you'd secure them - but you can't. To confuse the spammer you have to make secure systems look insecure. Plus, the more obscure your location (that is, boonies.com vs. bigisp.net, for example) the more likely the spammer is to look at your IP addresss (the system attached) to see if it is abusable.
I completely agree. I have been both the stumblee, and the stumbler. When I accidently found all the social security numbers of everyone in my school, I emailed the teacher that posted the datafile to a public portion of our shared server (retard). He promptly fixed the problem, and never said anything else about it besides a humble 'thanks'.
/root. Says how he got in, and that I should close the hole. No rootkit, no security compromise (trust me, I looked for quite some time). This was quite possibly the best kind of vigilante. Saw the problem, exploited it to show that (s)he could, and left.
I also have done white-hat work. It is kind of polite to find those 'nice' hackers that will get in through a known hole and just put a HACKER_README in
I say this guy went a little far with 10k emails. I think 100 would have proven his point, but who am I to judge?
--If I said something interesting it probably wasn't correct
My first impression is that the original poster has no idea what a vigilante is...
But perhaps that is just semantic quibbling?
Neopets - the best free game on the Int
Vigilante justice is worse than the original crime. Let the proper authorities deal with it before it turns into one big mess.
I've been reading through the spymac forum thread, and people are talking about how they are "victims" of this spam, and that he should go to jail. WTF!?!? He sent one email to 10K people to illustrate a point. Yeah, he shouldn't have done that, but jail time? Give me a break. Of course not everyone in the thread was like that, but there sure were a lot of pansies. [Insert flaming comment about Mac users here ;-) ]
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
You read that right. I wrote an email/website harvester. Once. In PHP on PostgreSQL, just to see what it would take. It took me about 6 hours, including the expressions and a bit of performance tuning.
It wasn't very well tuned at all, but when run, it found about 1,000 email addresses every hour on a PII-400, after filtering out the bogus addresses.
It would get caught in a harvester trap every now and then - which was easily overcome - it would only look thru 100 pages in a particular domain. There's plenty more.
I never did anything with it. Once I'd proven the concept to myself, I deleted the database.
This is just a consequence of the "frictionless" digital world - information is transmitted, collected, and manipulated easily, including information you might not consider to be "public".
As Scott McNealy once said: "Privacy is dead. Get over it!".
I have no problem with your religion until you decide it's reason to deprive others of the truth.
He doesn't apparently do anything illegal(though he doesnt disclose where the list of users came from exactly)
The extent of the damage caused seems to be an email sent to 10,000 of the users of spymac. I fail to see the problem. This isn't a 'hacking for good' or a 'worm to kill another worm'. It's a mass emailing telling people theres a problem. There is also nothing to suggest that someone in a position of power WASN'T contacted prior to the mailing.
So I'll say it again, what did this guy do wrong? Other than send a mass email which is hard to even call spam.
It seems to me that you're missing an important point of the guy's e-mail to you:
He sent you a warning.
And not only that; he probably sent it to everyone on his list of "thousands of member names". Don't you wonder why YOU of all people received it, having no previously existing relationship with him? It's because you *weren't* the only one who received it. At least two people who replied to your Spymac post had also received it, so you're obviously not the only one.
They guy was clearly concerned with a vulnerability at Spymac, not trying to take advantage of it. Don't you detect the mild sarcasm he used? They guy isn't recruiting accomplices; he's making a statement to members.
The guy says (paraphrased) that he just got hold of all this info. Coupled with [public member info] and [specific techniques], he could compile a very complete list of member data. Now, he says he could do [evil thing1], [evil thing 2] or [evil thing 3]... or, "or simply ask Spymac to GET THEIR ACT TOGETHER and FIX EXISTING PROBLEMS like this gaping security hole before they introduce ever new functions?? I should never have been able to get my hands on this!"
Uh, hello? That was a direct quote, with his emphasis, not mine. He's not a criminal (yet, anyway), and he doesn't deserve any kind of justice, vigilante or otherwise. He's simply made it blantently obvious to at least one user (you) of a service that their data is not secure.
Now, maybe it would be appropriate for you to contact the Spymac folks to make them aware of the issue. (If they aren't already, based on the fact that many of their employees probably have their own accounts, and that he's probably e-mailed quite a few people, if my assumption is not off.) It might also be appropriate to contact him directly (if possible) and make sure he's... "guided" to the proper methods for disclosure of the data to the applicable folks and deleting it. But to go after him for doing nothing more than producing an effective proof-of-concept... he doesn't deserve what you're asking about.
Of course, it's possible that he hacked their server... but it doesn't sound like it. He said "Played around the other day with Spymac and suddenly... I couldn't believe my eyes: A list with thousands of member names right there in front of me! " That *could* be hacking (perhaps some vigilante reconnaissance would be appropriate), but something makes me doubt it.
The problem with Internet vigilante activity is the size and anonymity of the posse. In non-electronic frontier justice, the mob knew its own members, its target and usually its consequences. Not so, online.
/.ers did to Alan Ralsky. Mobs are one vengeful ex-wife, one crooked real estate agent away from devestating the wrong guy.
Consider, say, perverted-justice.com campaigns, or what
Moreover, where's the incentive to call a job finished? In-person vigilantes face certain limits of time, space and scale that serve as checks on their hostility, in addition to the fact that it's just harder to hurt a guy whose face you've seen. And even then, there've been no shortage of abuses.
Online mobs are inherently imbalaced, and can result in the equivalent of beheading people for misdemeanors.
~ ac0lyte
Scenario 1:
1) System is vulnerable.
2) The vigilante breaks into the system
3) The vigilante tells the admin
4) System must be rebuilt as if it was broken into.
Scenario 2: :-P )
1) System is vulnerable
2) Evil Hacker X breaks into the system
3) Evil Hacker X installs a trojan
4) You b3 0wnz3d (or however the kids these days say it
5) 2 months later you notice the intrusion and have to rebuild your system
So, even though vigilantes are wasting their time and effort by doing this for free.. and they do cost the company time and effort, it is, in fact, time and effort that would have had to be spent anyway. For those of you who might say that "well, who says Hacker X would have broken in?" That is simply security through exception. That's like saying you don't want to have an alarm on your house becuase your neighbor doesn't have one and he'll get hit first. It's a possibility, but I'm not putting my house on that gamble.
"I am the Black Mage! I casts the spells that makes the peoples fall down!" ~8BT
It boils down to a certain religious site (and a great many relgious individuals) believing that the earth was populated 5,000 years ago and there being living documented proof of it being populated longer. Nothing more, no need to harp on it.
The grandparent was obviously designed as a tongue-in-cheek joke, none the less.
-- This space for lease, low setup fee, inquire within!
Since so many people are complaining that I allegedly misused the term "vigilante" - here's the Webster online definition that I was thinking of:
:)
vigilante:
(snip)
broadly: a self-appointed doer of justice
In case there is further confusion - you do realize that words can have differing definitions, right? So, sorry fellas - it seems that I used the term completely correctly.
Only way to stop this kind of thing.
Doh. "might have screwed up"? I'll counter with "no it wouldn't". Care to explain why exactly that would have made it invalid, or skew results significantly enough to produce multiple magnitudes of order discrepancies? And your "Adam and Eve" angle was truly bizarre: are you claiming they lived in there for eons before that supposed 6000 year period started? Or that unlike the bible says, there was a specific, gasp, l Granted, similar excuses are rather common with fundamentals, but I'd expect more from someone who truly tries to convince crowd (Slashdot readers) that supposedly has stronger natural science background than the average US population.
Your comment is either fundamentalists sly take on abusing the (too) common relativist attitude of too many people (even educated ones have), or part of that apathic relativist agenda. "In fairness' sake, let's consider unfounded claims of one non-open minded party, no matter how easily debunkable they are" (as in trying to claim evolution a "controversial" subject when it's not one at all). That's not fairness, that's being gullible and letting fanatic minority abuse the good nature of people (well, plus bad self esteem less educated folks have WRT anything smelling of "science").
The debates between fundamentalists with their cemented views (having painted themselves in corner with fundamentalist interpretation of their holy book, be it bible, quran or whatever) and scientists (or people with strong natural science background) are uneven battles of wits, one side generally being unarmed. The end result is that "intelligent design" proponents end up pointing ostensible contradictions in tiny details, and trying to convince those completely derail whatever theory are railing against.
Finally, note that while I do consider fundamentalist believers bunch of ignorant cuckoos, I have no problem with normal pragmatic religious people. Most christians do NOT believe in literal interpretation of the bible; only the vocal minority in US of A tries to present different picture.
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
Some script kiddie kept taking over the polish Star Trek fan channel on IRC. Admins ignored complains. ISP ignored complains. Police ignored complains. So guys tracked down his IP, found his home address, paid him a visit, broke a few bones and left.
Police ignored complains.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
First, I oppose vigilantes everywhere, including the net.
Second, the net is a public place. Anyone who posts any information on any site has no more expectaton of privacy than if they wrote the same information on a 3x5 card and pinned it to a bulletin board at the local mall or library.
You know, there's a book on my shelves that lists the names, addresses and telephone numbers of almost everyone in my city.(Bet you have one, too.) My God, think of the privacy implications....
-- Slashdot: When Public Access TV Says "No"
No. He got caught downloading child porn and came up with a REALLY lame excuse.
But here's a third scenario...
1. System is vulnerable
2. Evil Hacker X breaks into the system
3. Evil Hacker X installs a trojan
4. j00 1Z 0wn3d
5. A month later vigilante breaks into the system
6. Vigilante doesn't see the existing trojan
7. Vigilante tells sysadmin
8. Sysadmin finds trojan
9. Sysadmin blames vigilante
Now you can argue that "well, the vigilante obviously didn't place the trojan there, or else he/she wouldn't have told the sysadmin", but steps 5-8 are still enough for a company to consider civil (if not criminal) action against the vigilante, and then it's up to a judge (and/or jury) to decide if "Well if I did it I wouldn't have told them!" is a good enough defense.
Why are you doing someone else's work for them, for free?
I find it hard to believe that the white hats are really doing it out of genuine concern for Corporate America. If you are really that altruistic, why not build a secure system that others could use, rather than try to break someone else's? So you discover an exploit - how does that help anyone if you don't also volunteer your time to help secure their system? Wouldn't it be better to help them migrate to a secure OS (such as *nix) rather than finding holes in their existing systems?
I mean, who really cares if you can root a Windows box anymore - it's got more holes than swiss cheese. The fact that you can find one of these holes doesn't make you smart, just annoying. We know Windows will never be secure; we'd appreciate it if you didn't break it any faster than normal.
I think a lot of white hats justify their cracking by calling it a community service, figuring that if they don't do any damage, then everything is ok. Well, it isn't. There's a certain degree of privacy that we like to have, and even if someone hacks a box with the best of intentions, the fact that the intrusion occurred is going to cost the victim. Consider how you'd react if you found a "friendly" reminder that you'd been hacked:
- If you had any source code, you'd have to immediately file applications for any patentable algorithm contained therein - or risk someone else beating you to it and suing you for using your own invention. You'd also have to do a complete audit to make sure that the hacker didn't introduce any back doors into your code.
- If there was any financial data, (such as CC numbers, etc...), you would have to close your accounts and re-open them.
- If you had any "intimate" pictures of your girlfriend (okay, this is slashdot, but try to imagine it...), you would then have to explain to her that she might someday find these pictures on the internet somewhere. She'd probably leave you, too...
Really, what it comes down to is that hackers hack for the power they feel when they root someone else's machine - not because they're genuinely concerned about the welfare of others. Even those who don't damage the system are still breaking the law, and the mere fact that the breakin occurred does damage - even if it isn't apparent to the hacker.The society for a thought-free internet welcomes you.
I take it that if you're caught in a similar situation, you'll come up with a much better excuse?
"Report him for what? He doesn't seem to have committed any crime.
Vigilante: A member of a volunteer committee organized to suppress and punish crime summarily (as when the processes of law appear inadequate); broadly : a self-appointed doer of justice
You need a FREE iPod Nano
that computer "hackers" are just losers angry that they can't get laid.
A note to everyone out there who gets off on cracking other people's machines-in ten years, you'll have nothing to show for your sk1llz other than a house full of lame toys. Grow up and get over infosec.
"Copy, add "@spymac.com" to every user name with a simple Find and Replace and - viola!"
How did he get a viola from those 10,000 usernames?
Love the idea, scared of the implementation. Someone would screw up and cause more trouble than the original assh*le. Crap like that gives us all a bad name.
Professional Politicians are not the solution, they ARE the problem.
Hmmm...this sounds familiar somehow. Let's see:
Good citizens keep to themselves and operate under common decency and common sense. But there are always some malcontents that feel they can do whatever they feel to whoever they want with small fear of retribution. Some governments are just now awakening to the threats of these malcontents, and have passed laws against them. Of course, these laws are next to useless, because the problem transcends international geopolitical boundaries. So what is a decent citizen to do? Nothing? Scream and cry until the lawmakers listen? Until there is a real leader in the Homeland, vigilante groups may be the only answer. Small groups of aware individuals who can root out the Jews and administer some well-deserved justice. Some may call them terrorists, but if they leave the good people alone, I would call them patriots. Will the law go after these patriots? The law may turn a blind eye if these groups keep the peace. Besides, what can the law do to the patriots that are trying to make things better when they can't even go after the malcontents? I'm all for vigilantes, until we get a real leader in the Homeland.
I forget exactly who it was who said this. 8^{
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
Read The Friendly Article.
---- I've fallen, and I can't get up.
Well what i think is, Hackers hack because they can. I am not a hacker, i am a Network Consultant, that deals with Network Security issues all the time. Hacking is something that helps me understand what i can do to protect my clients. just like Magneto from Xmen 2 'this protects me from the real bad guys'. i am all about understanding security measures and port sniffs. but as far as the scum go that make money off e10 lines, using my system servers to host French Movies to europe. no thanks.....and Get a job. Seriously, the only thing that hacking does dudes, is screw up any harmony that is being created these days on the Internet. i view it hacking i guess like constructive criticism. its hurts a little, but its goal is to make us better. BUt if someone is making money off me, well screw that cuz i will destroy your board. Quote from JinxGear.com tshirt ' not even NOrtons can protect you'. i hack there for a i am? network COnsultant? hacking helps me stay in business. so its a love hate relationship. without it it would be a one time visit. with it its upgrades and updates. NOt sure what my opinion is.
I support the idea of Vigilantes on the Internet.
;)
Outcries from responsible members of the Internet community are often times ignored by those who can make a difference and finger the right people. Take Verizon DSL for instance, they continue to leave port 25 wide open allowing for a harvest of spam zombies enabling vermin to waste bandwidth, time, and countless other resources with no permission or care. That amounts to theft and an overall decrease in the quality of the internet, sort of like just watching your neighborhood go to shit and doing nothing about it. Those with power ignore this, or see more pressing issues that will get them votes or brownie points with those who need votes. Our community is shrugged off like the bad parts of town and forgotten about until a raid is needed to add a sugar glow to the public's eye or distract them from another issue. IF the bigger players would acknowledge the responsibility they carry, such as Verizon DSL closing port 25, that funnels the traffic to a more traceable medium such as their mail servers. At that time, culprits can be IDed without doubt and removed from the network till they learn to maintain their equipment and thus removing a spam zombie and an outlet to spew their shit across our network. Perhaps even employing that computer with owner consent as a "Honey Pot" to get the IPs of those making the spam connections and track them down well enough that incompetent law enforcement can get around to doing their job with them.
I've read posts about people so worried about Vigilantes going overboard and abusing power...well oddly enough I hear a lot more about Police/Judges/Politicians abusing their power. Nobody is infallible, but unwritten courtesy and etiquette have set standards that most people abide by. So it is just as possible for a Vigilante to go bad as it is a cop or any other person in a position of power. Oddly enough that very system they chose to turn on my just end up regulating them in turn. When the sense that you can get away with almost anything is gone, that cuts out a large portion of people willing to take that risk. The brain-dead spammer that read the how to article and got their spamware and knows *nothing* about the network they are bringing down might think 3 or more times about their part time job knowing their expensive PC they can't possibly fix may end up a permanent paperweight when somebody tired of their shit catches up with them. Vigilantes already act out on their own accord, how about Al-Jazeera getting dropped when they showed pictures of American GIs? (More of a censorship example and there should be NO censorship...but work with me here!) It already exists, rather then pretend it does not we all should try to focus it where it is truly needed: Script Kiddies making Virii/Trojans/Worms and Spammers. Two of the single most abhorrent mutations to pollute our network...since AOL.
Mod as you see fit, but it won't change my opinion or actions.
-1 Overrated (Too many big words for me to comprehend)
I think it's very difficult to leave opinions about Spymac aside. Yes, I have problems with them being the iWalk source (the older ones here will remember) but what's really bad is the involvement with Jack Campbell.
First of all as a side note I would point out that the first poster did say the planets had danced for 10,000 years. As the earth is a planet this does seem to imply the earth is older than 10,000 years.
While I agree that the existance of dinosoars do not logically contradict the biblical account of creation but this wasn't what the poster claimed. He said the existance of dinosaurs 'debunked' the earth's age being 6,000 years. Given that they certainly provide strong and convincing evidence they do indeed debunk the claim.
For instance suppose someone examines a supposedly miraculous crying statue. Carefull examination reveales the statue can actually be accessed from underneath to replenish water which slowly drops out the statues eyes. Quite clearly this 'debunks' the the claim of miracle even though it is logically possible no one ever did fill the statues tear ducts and it all occured miraculously.
Furthermore, while most individuals don't learn "their side" well enough to write a scientific paper on the matter this is a far cry from whether they can make a case for the truth of the matter or know if they actually believe the matter. The poster above, just by the claim dinosaurs debunk new earth creationism made a case for 'their side' (implicitly this mention of dinosaurs is referencing such facts as them being found in differnt strata, no dinosaur teeth marks found on human bones etc.). While this might not sway the undicided it is far more than enough evidence to be convincing on pretty much any other scientific controversy.
Also not being able to make the case oneself is a fair cry from believing something on faith. I've observed no direct evidence of the existance of archimedes (and in fact I doubt anyone alive today has) but yet I hardly believe in his existance based on mere faith. Instead I believe in his existance because many individuals who I have otherwised discovered to be reliable attest to this. If the only sort of warranted belief (or even belief as you would have us believe...though I am strongly of the opinion that something believed on faith is still a belief) was that which we had direct evidence for believing essentially nothing would be believed for reasons stronger than faith. Realistically, people believe in an ancient earth for the same justifiable belief I have in the existance of archimedes; other individuals whom they have reason to believe assert that this is the case.
If you still insist that this type of secondary evidence isn't valid how about we start betting on (verifieable) facts we look up in the encyclopedia. If the claims of the encyclopedia don't provide strong evidence that these claims are indeed true you certainly won't mind wagering against what the encyclopedia claims is true (i.e. look up simple science experiments which neither of us has direct knowledge of, you bet against the enclyopedia's predicted result and we do the experiment). Giving people the impression that only first hand knowledge/reasoning justifies belief only confuses the issues. Unfortunatly, it is just these sorts of beliefs (that listening to experts doesn't give one good evidence) which haunts national policy on things like nuclear power. Quite frankly people simply don't have the inclination nor interest to research every claim from first sources and if they are convinced experts don't constitute a good reason to believe/disbelieve these claims they will make the deciscions randomly or for purely emotional reasons.
If you liked this thought maybe you would find my blog nice too:
But the reason I brought those examples to the front wasn't to justify vigilantism, but rather to show that it doesn't cost the company any time or money that the company wouldn't already have to spend if they didn't want their systems broken into.
"I am the Black Mage! I casts the spells that makes the peoples fall down!" ~8BT
look here for all your 127.0.0.1 joke needs.
Don't thank God, thank a doctor!
Well, if "it could diddle with cabon dating" then that means it sure wanted us to believe cabon dating works. By not believing in carbon dating you are not beleviing what God wanted you to believe.
Underloved Movies and Pub Quiz: donotquestionme.org
"By not believing in carbon dating you are not beleviing what God wanted you to believe."
I didn't state anything about myself. My belief or disbelief in the carbon dating process is irrelvant. The point is that an Omnipotent Being is all powerful. It can do anything. It is not bound by the physical laws lesser beings must obey.
Charles K. Clarkson
Many people truly want to help. Unfortunately, many people truly suck at it.
The best example of online justice, imo, is in the movie "Jay and Silent Bob Strike Back", where the protagonists obtain a fortune at the end of the film, since a movie was made based on their lives, and then spend it on tracking down everyone who talked shit about them on the Internet, flying to their houses, and beating the crap out of them :-)
Having poor security on your website is like leaving your car unlocked in a bad neighborhood. Yea. you shouldnt have to do it, but if you don't and you get get your car stolen, your going to feel pretty stupid. Lets face it, the web is a bad neighbor hood, and unless your website is a Yugo, theres a chance sombody might try to break into it.
Steal my band's record! Seriously,
The debates between fundamentalists with their cemented views (having painted themselves in corner with fundamentalist interpretation of their holy book, be it bible, quran or whatever) and scientists (or people with strong natural science background)
I'll agree with you that many folks in the 'fundamentalist' camp have 'cemented views.' Many of them are certifiable.
It seems that you are suggesting that scientists are not subject to the same kind of cement.
Scientists, the last time I checked, are people, and as such do have the same basis for their ideas that fundamentalists do.
As an example, I'll offer that if a scientist is an atheist, he (or she) is asserting that no God exists. That is a 'cemented view' that sets the place from which the scientist observes the universe.
We all have a bias. The question is, which bias fits the universe best?
But Herr Heisenberg, how does the electron know when I'm looking?
I think that we are in agreement. As a fundamentalist, I do not oppose science - that is, good science - science that adheres to fundamental principles of science.
I'd sumit that most atheists I know - and I know a few - are completely unwilling to change their opinion. For most that I have questioned, there is *no* evidence that they would consider sufficient to change their point of view - and they call themselves free thinkers?
Many Christian fundamentalists 'major on the minors' by insisting on things that are not actually in the bible, or instead, violate principles of biblical interpretation by using a 'wooden literal' approach. The Bible does not claim to be a scientific textbook, and contains many different styles of writing. Literal interpretation is not always wise.
Let me put that in context. I *am* after all a fundamentalist. I think that:
1. The Bible is authoritative and accurate in its information. The objections to biblical accuracy that are well documented on the internet are also well refuted on the internet and elsewhere.
2. God created the universe - and the details are not provided in scripture, but
3. The creation as documented there certainly appears to reflect a seven-day creation. Other theories that attempt to include a long gap between days 1 and 2 are a stretch as far as I'm concerned.
Does that give me a cemented view? Perhaps.
I think that it is conceivable that scientists will one day conclude that the earth is substantially younger than is currently believed. After all, if new evidence is gathered that support that view, shouldn't science change its position?
Ultimately, I have the same physical evidence that an atheist has. Neither of us was present during creation (through natural or supernatural processes) and so neither of us can rely on the pure scientific method (lather, rinse, document, repeat) for affirming our positions with respect to universal and life's origins.
We each have theories that explain the evidence that we find, and sometimes each of us speculates.
Does that make the atheist's position more sound than mine? Only if his speculation is more supported by facts than mine.
Interestingly, if science is dominated by folks with 'an a priori commitment to naturalism' who will form hypotheses that conflict with conventional wisdom in science?
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
so "he's" just screwing with us? sat up there on a little crowd laughing his tits off?
The following could be much longer answers, but I'll try to keep them as short as possible:
:)
1. The Bible is the inspired word of God as written by men. Each author communicated using his own style, but the content was given by God and protected by God so that what was written was 'The word of God.' The Jewish people were the keepers of the 'Hebrew Scriptures' and they preserved those writings over time. The early Christian church absorbed the Hebrew scriptures (Jesus *was* a jew) and brought them together with the writings of the apostles. In 393 and 397 councils recognized the canon of scripture as hose books that were already accepted by the church as a whole. That is to say - man did not determine which books were from God and which were not. God revealed that to the church.
2. You might as well say "Define God and give two examples"
God cannot be contained in the Bible. The Bible contains the Word of God, but is not God. Your image appears in a mirror when you walk by, but the mirror does not contain you. Vampires excepted, of course.
Why do you ask?
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
Recall that this is the Supreme Being who, according to legend, created beings with original sin just only to have them search for absolution from that sin through faith. That takes a being with either great sense of humor or a really twisted sense of humor.
An Omnipotent Being would receive the punchline when it started the joke, so I doubt it would be laughing long. Even screwing with us would get boring after a few microseconds. No, there must be some hidden meaning there which we are unable to perceive which prompted such a Supreme Being to play such obvious jokes.
Charles K. Clarkson
Many people truly want to help. Unfortunately, many people truly suck at it.
I'm posting to slashdot, not writing a theology treatise. You are of course right about Christ being the Word of God - the word became flesh and dwelt among us.
I'll take some isue with your assessment of the 'average fundamentalist.' I happen to know a great number of them, and I'd say that the average fundamentalist that I know is not consistent with your description above.
With respect to the 'recent theology' component, I'd have a bit of a problem with that view.
The book of Genesis reads to be the description of the creation of the universe, and the declarative history of humankind. To interpret it as an allegory is one possible explanation, but it doesn't hold water.
When Christ was questioned about marriage, he talked about Adam and Eve as if they were real individuals. When Paul was writing his letter to the Romans, he directly addressed the issue of original sin by explicitly referencing the sin of the one man - Adam, and the redemption of that sin through the man Jesus Christ.
Make Adam an allegorical figure, and there's little need for a real redeemer, but rather an allegorical one. The heroes of the faith listed in the NT book of Hebrews lists the men from Genesis in the long line of people who lived lives of faith. Make them an allegory and you add confusion to the mix because slearly that section of Hebrews talks about real, living people (living at that time) and it seems a little weak to suggest that some of our examples are actually models of what an example might be.
It's possible that there's an explanation for Genesis that doesn't conflict with current conventional wisdom in science, and I'm open to that, but it needs to hang well with the rest of the Bible, or I'm inclined to say that the explanation is unlikely to be valid.
It seems most likely, given my current understanding, that science will change its views about dating and cosmology (again) when more is understood about the universe, and that will likely harmonize physical evidence with scripture.
I could go on, but this *is* slashdot...
(Time for a reload of the slashdot front page to see if I've missed something exciting....)
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
You've got a good point there. I'm talking about things that don't cause a sysadmin to worry too much. Things like nmap, simple network circumvention, etc. Also tests for software vulnerabilities should be done on test boxes that you own. It's not okay to DDOS someone just because you don't like what is on their site.