11

I have seen a number of questions on how to bypass network security. I was wondering if superuser (or stackexchange) had a policy or stock answer about this?

As a regular kind of user, I can empathise with the frustration of the person who is asking the question, and that they usually have quite a naive appreciation of issues and concerns involved with a system has been configured in a specific way to limit it services.

I also know the other side all too well, I am a network admin/manager, and there is (usually) very good reason, and a fair bit of thought put into on why we generally block certain types of traffic: licensing, capacity management, and government and professional regulation come immediately to mind.

I am wondering if they questions should be flagged, answered, or if there is a generic answer that someone has already come up with a good informative response?

I have also seen a variety of responses, some philosophical, and some practical. One person responded with that 'these restrictions are put in place because those doing so have little understanding of the actual issues and laws, so we therefore should focus on the technical merits of the question.' I really could not disagree with that perspective more, and most systems admins that I know are all to familiar with the issues involved; we would dearly love to permit an open system, available to everybody, but we can't for varying, multiple reasons.

On the other hand, if we are examining the technical merits of the question, isn't the question better placed in ServerFault? That is the place to ask really technical answers.

I think my overall view is that we should be recommending that the person discuss their requirement with the network administrators, company management, school administrators, as it is after all their network, and their responsibility.

3 Answers 3

8

I have seen a number of questions on how to bypass network security.

While security questions are not off-topic on SuperUser, they should still pertain to one of the general environments we support; e.g., a home network, a Windows/Mac/Linux box, a small business network, etc. Large enterprise security stuff belongs on Server Fault or Information Security sites.

As long as the question is on-topic for SuperUser per the guidelines in our help center, there's no reason to close it based on the fact that it's about bypassing network security. We even allow discussing things which, if actually carried out, may be considered illegal in some countries. Our policy on "gray area" questions has generally been: if the question is of good quality and topical, when in doubt, let it stay on the site.

However, the way the question is framed makes a big difference. If they are asking for information/clarification on a specific method of attack, and they tell us what they've already tried and the results, this suggests that they invested sufficient time in trying some stuff on their own first. We'd be likely to accept the question.

If, on the other hand, they simply say, "There's this WPA2 wireless network run by my neighbor that I want to break into. How do I do it?", this is likely to be closed as either too broad or off-topic. There's not enough information here, and it shows no evidence that the OP attempted something on their own first.

Basically, questions which are specific (not just "how do I break into this" but "how do I use X technique or Y software to break into this" or "I tried Z but it didn't produce the result I expected, am I doing something wrong") are likely to be accepted. On the other hand, questions which are very broad and involve the user sitting back and asking us to do all the work for them ("How do I break this?") are going to be closed.

1
  • 3
    +1 for a pragmatic approach. The purpose of this site is to provide accurate answers to technical questions, not to opine on issues of morality or play guessing games about what may or may not be legal in the asker's situation.
    – user89061
    Commented Apr 15, 2014 at 9:07
4

This is tricky and I think normally, based upon previous answers I've seen, it depends on the purpose of the question. There are often legit reasons for doing something a little naughty!

For example

How do I hack my own computer to get my files back since I lost my password

is fine, we can see there is no malicious intent.

The question

How do I hack something I shouldn't for the purpose of evil

should be closed, but definitely down voted. IMO it's off topic, but with the voting system as it is, even if you vote to close it an no one else does, then who cares - that's the power of the SE sites vote system, to ensure the closes are (usually) community based.

We can only act based upon the question and the information they give us. I've learned of some very cool tools/processes which could be very useful for when I build an army of super villains. However, I learned them from simply stumbling upon them... I'm sure if I wanted to find something I shouldn't have access to, then Google would show me a different forum with the detail I would need.

2
  • 3
    So append 'for the purpose of good' to the question, then? =)
    – rakslice
    Commented Apr 5, 2014 at 17:01
  • 10
    The only things that differs between that 2 questions is the lack of social [engineering] skills of the author of the second one.
    – user60171
    Commented Apr 7, 2014 at 14:11
1

I Think the important thing here is judge if the author is having right to do it. Not "hack somthing you should'nt", more of "hack something that is illegal to hack".

For example, a more difficult case may be this: "How I do to bypass the administrator password of my own computer, after I installed the employee lockdown solution CD-ROM from my employer, that I had to install to my home computer as a contract between me and my employer, which resetted the administrator password to something my employer only knows."

In some juridicsions, this is illegal to bypass the password on your own computer because you signed a contract ("pactum sunt servanda"), disallowing you admin access to your own computer, which means its illegal computer intrusion to actually hack your own computer if you signed such contract. In other juridisicsion, this is fully legal, since such a contract also require a transfer of ownership of the computer to the employer to be legally enforceable.

I Think, here, the Community should err on the "good" side and allow the question to proceed, and put the responsibility to obey the law on the person who is asking the question or is following the advice.

A good idea could be to put a safety notice in all responses where the legality may be a concern, something in the styles of "Note that following my advice on how to solve this problem may be illegal in some juridicsions. Its the person who makes use of this advice, that have the complete responsibility to follow any local laws. I as a respondent, do not take any responsibility for how people use my answer."

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .