Hacker News new | past | comments | ask | show | jobs | submit login

How would you feel if I broke into your place of business, made a list of all of the things you were doing that were out of compliance with federal and state laws and regulations, then left you my card and offered to let you hire me to do legal compliance work for you?



"Broke in" rather presupposes the point.

If we're analogizing, an exterminator seeing rat droppings in your restaurant and offering to solve your problem rather than letting the department of health deal with it, is a slightly more realistic example.


Taking that a step further: it is like an exterminator going around different of restaurants, then crawling under customer's tables while they are eating, saying, "Don't mind me, just looking from rat droppings."

A more legit exterminator would agree to come past while the customers were not there.


Legally, pushing open a closed door is "breaking in." It's precisely how a lawyer would describe someone who opened the door to your business to come in and look around for stuff.


That's not quite a fair analogy. It'd be more like if you go into a bank and see a giant hole in their vault. You tell them about it and they sue you for breaking it. Meanwhile actual criminals come and go as they please anonymously. The bank's clients are the actual victims of course, it's not like this just affects the bankers.


No, you've misread the story. Nobody is being threatened simply for observing vulnerabilities. Instead, people are discovering vulnerabilities in popular software, and then exploiting them across thousands of machines to "prove" something everyone already knows: lots of people are vulnerable.


If it was well known that large and highly funded subsets of foreign militaries were roaming around breaking into everyones businesses and stealing things / exploiting the lack of legal compliance then, yes, I'd be very pleased that someone took the time to both find the mistake and give me the chance to fix it / get it fixed by them before it was used against me with legitimate malicious intent.


That's the kind of thing that's easy to say on a message board and colossally unlikely to match your revealed preferences in reality.


There actually are real-life burglars. That isn't hypothetical. Would you really grant people permission to burglarize your business to demonstrate its susceptibility to burglary?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: