@ Rolf Howarth Posted Sunday 7th June 2009 23:12 GMT
>>> It seems to me it ought to be possible to determine the intention of one of these programs fairly easily. Surely there's a difference between detecting a vulnerability and actually exploiting it. A password cracker that scans for weak passwords and then reports which accounts are vulnerable only needs to display a score and lock the account out, it doesn't need to display the password it found.
Well, that depends. If your only interest is in knowing that there is a weak password, then you are right. But perhaps the admin would like to know WHY the password is weak, or HOW the user that set it thinks - because that is more likely to actually solve the problem than simply acting the bad guy (in the user's eyes) by educating them with a bit of "clue by four".
Or, the purpose of password cracking may be to gain access to your own equipment - perhaps you are the city public authority and your network admin has changed all the passwords across the whole city and won't tell you what they are.
>>> As for jail breaking iPhones and removing copy protection mechanisms in it being "ok because it's your phone", how is that any different from claiming that jail breaking a satellite receiver and removing protection within that is ok just because you bought the receiver?
There is a big difference there. Hacking a receiver is usually (but not always) done as a means to getting services for which you have not paid. That is NOT the case for unlocking/jailbreaking an iPhone - where your reasons are simply to allow you to use the device to run your choice of software on your choice of network supplier. Only if the purpose was to allow you to use (say) AT&T's network without paying AT&T a cent would your analogy be correct.
The locking stuff on iPhone is not there for any valid security reason, it is there simply to reduce user choice. See http://www.eff.org/cases/2009-dmca-rulemaking