There is the law of the sky which tells us what is right and wrong.

     There is the law of the land, which tells us what is legal and

     Just because something is legal doesn't mean it is right.

     Just because something is illegal doesn't mean it is wrong, and it
may in fact be mandatory according to the law of the sky.

     Thus civil disobedience can be a morally mandated duty.

     People who claim that something is right just because it is legal,
or that something is wrong just because it is illegal, are hiding behind
the law.

     We have a moral duty to do what is right first and what is legal

     God and Angel do not hide behind the law.

     When you get to the Pearly Gates, Saint Peter won't be asking you
if you have done what was legal; he will be asking you if you have done
what was right.


     There are three kinds of hackers.

     White hat hackers obey the law of the land.

     Gray hat hackers are willing to break the law of the land to
protect the law of the sky.

     Black hat hackers break the law of the sky.


     There are two kinds of software.

     Proprietary and Open Source.

     Proprietary code is secret and it is illegal to hack into it and
reverse engineer how it works.

     Open Source code is public and it is legal to hack into it and
reverse engineer how it works.

     All code has errors, many of which provide security holes which are
dangerous to those using the software.


     Black hat hackers will reverse engineer proprietary code, and if
they find a security flaw, they will keep it to themselves and exploit
it to their own benefit at the expense of others.

     Gray hat hackers will also reverse engineer proprietary code, but
if they find a security flaw, they will inform the manufacturers of the
code and give them time to fix it.  Then a certain reasonable time
later, they will also broadly publish the security flaw and how to
exploit it.

     This pressures unethical or sleazy manufacturers to fix their code
rather than leave it broken for Black Hatters to find.  When the Gray
Hatters publish the security flaw the Black Hatters get it also, but by
that time it should be fixed so they and no one else can do anything bad
with it.

     Manufacturers of proprietary code dislike Black Hatters, but
dislike Gray Hatters more.  The Black Hatters keep the security flaws to
themselves where only they can exploit them, or blackmail the authors to
not do so.  Many code authors would jump at the opportunity to keep a
serious flaw quiet, to protect their reputation, even if they did fix

     Gray Hatters make the security flaw public after a fair amount of
time to force the manufacturers to fix it.

     Some people think that Gray Hatters are those who alternate between
Black Hatters and White Hatters.  That's like shooting someone today and
not shooting someone tomorrow.  That's not gray, that's psychotic.

     White hat hackers will not touch proprietary code because it is
illegal to do so.  If they consider they have a moral mandate to break
the law of the land to protect the law of the sky, they become, in that
moment of choice, gray hat hackers.


     All three kinds of hackers will review and vet open source code for
security flaws, and use them for their own purposes.

     Black Hatters will use the security flaws they find to benefit at
others' expense, which is a violation of the law of the land and the sky.

     Gray Hatters will disclose the security flaw first to the author of
the software to give them time to fix it, and then disclose it to the
general public to make sure it is "fixed and stay fixed or else."

     White hat hackers will do the same as the gray hat hackers.

     It might be tempting to say that the Gray Hatter should not
disclose the security bug publicly, but only privately, to the
software author, particularly if it is 'fixed', so that the annoyance
of endless script kiddies exploiting the code without any understanding
themselves can be avoided.

     It's one thing to have a few highly intelligent Black Hatters
exploiting your code; it is quite another to have 10 million grade
school kids who know a little Linux, posting the exploit along with
naked selfies to all their friends, exploiting it for fun from all over
the world.

     You understand?

     However, script kiddies are the Gray Hatter's guarantee that the
software author will fix the flaw lest everyone and their blond
girlfriend start causing trouble with it.

     And in any case, if a flaw is 'fixed' by the author and then kept
under wraps, the other Gray and White Hatters won't have an opportunity
to check out the corrected work; thus it may still be wrong, or related
to something nearby that is also or more wrong.

     No Gray Hatter wants to take the responsibility of personally
offering to guarantee that a serious bug is fixed, even if the original
author he informed says it is.  So the flaw gets published publicly.
Everyone else's vetting of the same code is the Gray Hatter's personal
guarantee that the code was almost assuredly fixed right.

     Any hacker can think code is right when it is still wrong but
thousands of hackers are probably not wrong.  Anyhow this kind of
guarantee, one, that code is fixed, and two, that code is fixed right,
is as good as it can get, so accept the process we must, even if we have
to suffer the relatively harmless slings and arrows of outrageous script
kiddies taking our system down from time to time, before the author
fixes it for good.

     If the flaw is not fixed, and a Black Hatter finds it, then all
hell may break loose.  That will be the day that you will pray to God
that the script kiddies had done their job ahead of the Black Hatters.

     To publicly publish or not to publish a security flaw is a moral
choice, and each Hatter is responsible and accountable for the quality
of their conscience and the consequences of their actions.


     Proprietary code provides security through obscurity.  Since the
code cannot EASILY be reviewed by anyone interested, security flaws can
remain undiscovered for a very long time.  When they are discovered, if
they are discovered by Black Hatters, they can be exploited forever
until someone else discovers the same security flaw and is willing to
reveal it to the author.

     Thus proprietary code often provides the illusion of security, all
the while the code may be infiltrated and infected at many installations
of importance, including national importance.  If all of the security
flaws are hidden through obscurity, then all will be well until a Black
Hatter finds one anyhow.

     In general then, over time, security by obscurity means you are
owned by the enemy lock, stock and barrel.

     Open Source code does not have any security through obscurity,
because the day it is set in operation anyone and everyone who is
interested in security flaws, whether Black, Gray or White, will be
combing through the code trying to find flaws before anyone else.

     The Black Hatters want the flaw so they can exploit it for a while,
to inure to their own benefit at the expense of everyone else.

     The Gray and White Hatters want it so they can get it fixed quickly
and get a public gold star for their record.  They love this, it's an ego
thing.  "I saved the world!"

     Be grateful.

     Thus when open source is first published, it tends to have a lot of
security updates resulting from global full time scrutiny by the hacker
community, but then it becomes rock solid and much safer to depend upon
than proprietary code ever will.

     There are two main goals of the Black Hatters.


     The primary goal of Black Hatters is not necessarily to destroy the
system but to suck off of it, money or useful resellable data, for a
very long time, so they tend to use extreme stealth in their exploits.
They don't want anyone to know they are there, ever.  They won't crash
your computer because their daily take stops flowing.

     These are the criminal Black Hatters.

     The other goal of some Black Hatters is to destroy the system
completely; these are the terrorist Black Hatters.

     Terrorist Black Hatters want a public show of their presence,
usually for political or religious ends, rarely for money per se.  They
have considered that their law of the sky has been so egregiously
violated by their target, that they are willing to violate the law of
the land to hack and destroy, even if little or no personal gain comes
to them, often at great personal risk.

     It is tempting to call these kinds of terrorists cowards; we do so
because their moral mandate scares the hell out of us.

     The Black Hatters who invade banking systems to siphon off free
money to themselves so they can live better are criminals; they have no
interest whatsoever in destroying the system or society.  They are
parasites who know the importance of their host remaining alive and
feeling well.  Their relationship with their targets is often symbiotic,
it's just not agreed to by both sides, and of course the fair trade is

     The Black Hatters who invade banking systems to shut them all down
one day are often on a suicide mission from on high, because should the
banking system or all power/food/transportation etc. shut down, the
results would be apocalyptic and harm the hacker himself along with
everyone else.

     At that point the common man's only option would be to become real
religious real quick, apologize to the Lord, and wait for some kind of
rapture or something to take them up, because it will be fire and smoke
for everyone else down here on Earth for the rest of time.

     You wouldn't recognize the next stable society that might arise.


     Relative to any particular given country, most of the terrorist
Black Hatters are foreign to that country, and have declared a
covert war against that particular country.  Some Black Hatters will be
working within the targeted country as operatives behind enemy lines.

     The governments of all countries are putting covert cyber weapons
of mass destruction (CWMD) into the computer systems of all other
countries, particularly their enemies but friends too, just in case they
are needed.

     So now we have chemical, biological, atomic, genetic and cyber
weapons of mass destruction.

     The purpose of infecting other nations' cyber infrastructure is to
create mass destruction or interruption to those computer systems if
needed.  But since all of society depends on these computers at every
level of its existence, the mass destruction of computers means the mass
destruction of that society.

     And of course each country is in turn infected by the cyber WMD of
many other countries.

     Except for America of course.

     America doesn't have the weakness in its systems to be infected by
its enemies.

     And America doesn't have the ethical paucity to stoop to such
shenanigans in return.

     Not under the eternal vigilance of the American Flag.

     For the rest, it is Mutual Assured Destruction (MAD) all over
again, much worse than any nuclear war we could do.

     But it all plays out the same way, "If you push your little red
cyber button, we will push ours in retaliation."

     Until then let's hope a fan doesn't burn out and push the red
button for us.

     And pray the Good Lord blows a UPS dead on those intending a
preemptive strike.  UPS = uninterruptible power supply.

     Most of the merely criminal Black Hatters should be rounded up and
put to work as Gray Hatters working for the world against the terrorist
Black Hatters working against the world.

     Give them a jail cell if you wish, but give them access.

     The jail cell merely becomes a bunker where they can work safely,
and perhaps redeem their sorry asses.

     They will be needed.


Homer Wilson Smith   Clean Air, Clear Water,    Art Matrix - Lightlink
(607) 277-0959       A Green Earth, and Peace,  Internet, Ithaca NY
homer@lightlink.com  Is that too much to ask?   http://www.lightlink.com

Sun Jan 18 21:10:25 EST 2015