Category: Ethics

Waging War in the Digital Age

What are the ethical ramifications of waging war via computer? Does war even have to be declared? Where are the boundaries in the virtual world? What happens when machines begin to think for themselves? These are the questions I explore

Posted in Computer Crime, Ethics

I Support George Hotz

For the past couple of weeks, I have been reading with great interest the coverage of Sony deciding to bring suit against George Hotz. George, or GeoHot, as he is known, and others like him, hacked the PS3 after Sony

Posted in Dialogue, Encryption, Ethics, Personal Liberty, Secure Design

Where do You Draw the Line?

As a young infosec practitioner, I quickly learned that morals and ethics had to be intertwined with everything I did. Someone with the knowledge of how to defend systems usually has a pretty good grasp on how to attack them.

Posted in Dialogue, Ethics

How Free Do You Want to Be?

When I bought a laptop about three years ago, I booted it up, read the Windows Vista EULA and decided it wasn’t for me. A quick reboot and install of Ubuntu took care of my concerns and has served me

Posted in Ethics, Personal Liberty Tagged with:

Beware of

Awhile back, I blogged about how not to handle notification of a possible breach. In that case, I began to receive spam to a very unique address only used at one place. When I attempted to report the potential breach,

Posted in Computer Crime, Ethics, Incident Response Tagged with:

The Ethics of Publicly Disclosing Breaches

In the security research community, it is commonly held that the ethical thing to do when discovering a vulnerability is to contact the software developer. Only after a lack of response, after the vulnerability has been fixed, or after the

Posted in Dialogue, Ethics, Incident Response Tagged with:

2WoO Day 3: Abusing OSSEC–the Countermeasures

Yesterday, I blogged about how we could beat OSSEC up, or, to put it more accurately, the people and protocols behind it. Today, we’re going to discuss how we can fight back against the bullies. For this post to make

Posted in Computer Crime, Ethics, Intrusion Detection, Log Analysis, Log Management, Risk Management Tagged with:

2WoO Day 2: Abusing OSSEC

No discussion about the effectiveness of a security monitoring tool would be complete without exploring ways to defeat that tool. While this may seem self-defeating, it is my belief that an honest perspective about strengths and weaknesses of the tools

Posted in Computer Crime, Ethics, Intrusion Detection, Log Analysis, Log Management, Risk Management Tagged with:

An Analysis of the Analysis of the Attack

Over at the Apache blog, you’ll find a nice and detailed incident report on the recent, successful attack on I thought it might be worth a few minutes to share my thoughts on their write-up. First, I would like

Posted in Computer Crime, Ethics, Incident Response, Intrusion Detection, Log Analysis, Secure Administration, Secure Design, Systems Hardening Tagged with: , ,

The OSSEC Effect

Many years ago, after I had been using OSSEC in an enterprise setting for a few months, I noticed an interesting phenomenon. Administrators, many of whom I had forwarded “was this you?” alerts to, were now coming to me to

Posted in Dialogue, Ethics, Intrusion Detection, Log Analysis Tagged with: