
Going Too Far to Prove a Point - wglb
http://taosecurity.blogspot.com/2015/07/going-too-far-to-prove-point.html
======
Nadya
_> Believing it is ok reflects the same juvenile thinking that motivated
another "researcher," Chris Roberts, to apparently "experiment" with live
airplanes, as reported by Wired and other news outlets.

Hackers are not entitled to jeopardize the lives of innocent people in order
to make a point. They can prove their discoveries without putting others, who
have not consented to be guinea pigs, at risk._

Part of me wants to agree. Part of me wonders how many times a major security
issue can be ignored, jeopardizing lives, simply _because_ it doesn't get
media coverage and was disclosed to the company but ignored by them.

Do you trust companies won't simply sweep a problem under the rug and try to
forget about it? I consider that to be naive.

The person you cited, Chris Roberts, had brought up the issue with multiple
airlines multiple times for _years_. The problem persisted because he was
ignored.

Would it take a malicious hacker hijacking a plane and killing all 200
passengers/crew on board to fix the problem? Or would you rather he try to
publicize the dangers of their systems with a harmful stunt of dropping down
oxygen masks (which he didn't end up doing, just tweeted about how he might)?

Personally I'd take the oxygen masks, but it seems other people would prefer
to wait and see if 200 people have to die before an issue gets fixed...because
that's the more "ethical" solution.

