This editorial is in response to "The Hacker Ethic" by John C. Dvorak of PC Magazine
The original article: http://www.zdnet.com/pcmag/stories/opinions/0,7802,408636,00.html
Editorial written by: TheHex
 

Re: The Hacker Ethic

 I recently read an article in PC Magazine by John C. Dvorak called "The Hacker Ethic." He did bring up some very interesting points, and also had a very nice way of relating his story, but at the same time I feel that he still has the typical misinformed corporate view: not willing to give us a chance, and not being able to define "us."

 First, in his article he said "The hackers who attack systems because of these flaws have been lionized as heroes, because they've shown us that our computers are unsafe. I would like to announce to these folks that I am aware of this safety factor, and I do not need constant reminding." He then stated "Exactly how the computer hackers, (actually computer cracker, in more accurate parlance) became a folk hero is one of the most interesting sociological phenomena this country has ever encountered." After he cleared up that when he said "hacker" he meant "cracker," he still continued to use the word "hacker" through the whole article to describe these vandals.

As far as announcing to the world that you are aware of security risks, Mr. Dvorak, that is a relief, especially since you are considered an expert in your field and regularly write about IT. For the common user or negligent system administrator, is this also true? Not always. Security risks will always exist; it's part of the package. As long as there is a system online, there is always a security risk. There is a key or a way to make a key for every lock.

As far as "hackers" or "crackers" go as being folk heroes, I think it is a shame that you look at it like that. Of course, with mirrors of web defacements, it is easy to get publicity for defacing websites. If this is what you mean by "hacker" or "cracker" folk heroes then I understand what you mean. I think that it's a shame that websites and other systems are "cracked" for no reason other than to impress someone, but hey, back to reality here, it's just like the real world. Jealousy and envy will always exist. So, let's get off of the "hacker" or "cracker" folk hero trip. Any decent, ethical "hacker" would not support such influences, or folk heroes.

I guess it all depends on how you define a hacker, back to that again. If you define a hacker as someone who goes around "cracking" systems or webpages, then obviously you are going to feel this way, but if you look to the true meaning of what a hacker is you will see otherwise. If you define a hacker as a security enthusiast, a system administrator, a technical enthusiast, etc., then you will feel differently.

 Another paragraph into the article, Mr. Dvorak commented "Computer systems open to the outside world are not secure, okay? Been there, done that. It's boring." He then analogized "If I leave my door open at night and someone roams in and messes up the place, I don't need an expert in the form of a burglar to tell me that I have virtually invited the person to do this. I invited nobody to do this. I trusted they wouldn't."

Mr. Dvorak, "Computer systems open to the outside world are not secure, okay? Been there, done that. It's boring." is open to attack. If we've been there and done that, and if software companies and system administrators accept the fact that computers open to the outside world are not secure, then maybe it would be a good idea to work on new ways of securing systems, instead of defending the lack of control with a negative and ignorant statement such as "Been there, done that. It's boring." If it's so boring then why isn't it fixed?

Underestimation is the first mistake. How can you defend companies and businesses that have been hacked with a simple "I don't need so and so telling me this and that," when the reality of it is that ethical hackers are actually working towards improving security flaws? "Hackers," or security enthusiasts such as Packetstorm, ProHACKtive, @Stake, and many others are working towards fixing security flaws!

 Mr. Dvorak then talked about denial of service attacks. One comment that he made was "I wonder how that logic sits with a guy who's trying to run an IRC server as he fights off endless denial-of-service attacks dealt by giggling goofball kids who downloaded the attack program from the web."

Yes, Mr. Dvorak, it is true that there are many "users," primarily adolescents, who download denial-of-service tools and will maliciously use them against other users or servers. This has nothing to do with what a real hacker is about.

As far as IRC goes, Project Gamma, 2600 The Hacker Quarterly, Hackdesk.org, and many other "hackers" or "security" enthusiasts run IRC servers. Some are even helpful places where people can get help when they are attacked, help with security problems, and general help.

 I feel that Mr. Dvorak does have good morals and ethics, but he misplaces the word hacker at times. This is not meant to be an offensive editorial; I am just expressing my opinions and feelings. Mr. Dvorak has made some valid points; I just think that he needs to correct his word usage and be more specific. Maybe I misunderstand where he stands, or where he is coming from, but that only means clarity is needed.

Regards,

TheHex

The Datacore
Founder/Webmaster

hackademic network
Founder/Webmaster

HFX International Org.
News/Info System Admin.