It never seems to amaze me how stupid some of these computer societies (or any other technical society) can be…warning the world not to do something is sure to cause more people to do it. Especially when computer crime is one of the least prosecuted crimes, it seems like prosecutors have to throw the book at folks to make an example of them, because they are likely not to throw the book at everyone.

The funny thing about their advice, and most folks advice in this manner, is that running the sshd exploit is not always illegal. In a matter of fact, I’ve run the sshd exploit numerous times, and have never once had to worry about the feds cracking through my door. I run the exploit against my own hardware, my own operating systems, on a non-Internet connected network run by me using my own hardware. This, along with many other exploits I am testing out in order to figure out ways to securely run services and defeat attacks.

Furthermore, advice like this actually stands to harm administrators, who don’t realize that they can use “safe” exploits to test their systems for vulnerabilities. I hear folks all the time saying they would never run exploits against their own machines to test security, yet my real servers have never been exploited, and their’s have, likely because they haven’t taken the time to figure out what the problem is and how to fix it like I have. Yet folks still point to what I do as being either illegal (it isn’t) or unethical (how?).

No, you shouldn’t run these exploits against systems you do not have a legitimate reason for attacking, but this blanket “do not hack” attitude has to stop for the benefit of society.