Recently I had one of my webservers compromised with a fresh exploit that had been released. I was actually in the stage of testing the patch for it on my mock server. Guess he was just too fast for me. The thing is he didn’t do anything, I mean didn’t deface or touch anything. (Well I couldn’t find any evidence and he said he didn’t, the box was formatted regardless.)He simply emailed me and let me know of the opening. Well at first I was upset… my domain, my world had been violated. But then I realized… “Man I’m glad he wasn’t a vicios web defacer punk!” I mean coming in to work and having my boss looking at a defaced website that I am in charge of securing… that would be awful. So now it was decision time. Of course I have always dealt with hacking as a 0% tolerance, but this was different. I actually felt a little appreciative. I decided not to persue after this individual. What would you do? Do you see “hackers ethics” as being useful or just bull? I see it as a double edged sword really.
