Why LulzSec may not be as bad as many people think they are...

[tobestool]

I wrote this a while ago and never got round to polishing it off before. It seems a little dated now, as it was mostly in reference to the PSN attacks etc., but I feel I should probably put it up rather than delete it.When you find a security vulnerability in real life, you have a fairly basic choice. You can take advantage of it, or you can alert

Comments

[decayz]

The thing is, lulzsec only do things to piss people off, that seems to be the only motive. The link you posted about siemens is what I believe to be the acceptable way of doing things. Unless you're out to damage the company you should give them a chance to patch it before telling the world. Security researchers attack things out of interest, lulzsec choose targets out of malice.

[tobestool]

I think the article has been rewritten since I first wrote this, either that or I completely missed the point when I read it. I agree that seems to detail a much better thought out method of reporting problems. I should probably have a look for a new link which better supports my point.

Your point about Lulzsec is interesting. I saw them from the other point of view, that they are trying to publicly show examples of poor security to make it more of a priority to the board to spend on well thought out methods. Perhaps I'm giving them too much benefit of the doubt and they really are just in it to make a nuisance of themselves.

[wehmuth]

I don't disagree with your general points, but I don't think the link is a very good example of what you're trying to say.

[tobestool]

See above, I thought I was linking to an article about Siemens lawyering up, rather than listening. I'm not sure if I completely mis-read it or it's been re-written. I shall look for a better example at some point.