on the general ethics of tones in hacking tutorials

Mubix recently posted a how-to on OzymanDNS; basically how to create an SSH tunnel over DNS.

And he has now posted thoughts on whether tutorials like this are unethical (or the situation he is in himself as a Hak5 host and mentioning how this can circumvent hotspot captive portals). I highly suggest reading both posts as he makes great points (and I love me simple tutorials).

My position is probably fairly easy. I’m fully in favor of such tutorials, but I do appreciate, and add to any advice I give, any information on whether something is potentially illegal or something you can get fired over if you do it at work. Sure, I hate those “only for educational purposes” blurbs in almost every 2600 article as much as anyone (know your audience!), but they are useful when someone truly doesn’t think about those consequences.

Sure, some teens watching Hak5 might turn into tomorrow’s black hats, but they may also turn into tomorrow’s security geeks because of the information they received in pushing systems to and beyond their limits, or challenging controls that are not fully secure, or simply trying out something new that sparks new ideas.

I appreciate that Mubix thought it over, and I do as well whenever I give advice. However, if we don’t toe the line on ethics of that nature, we’ll continue down the road of not sharing enough information, which I believe harms our collective knowledge and security.