Comments on: Full disclosure – yet again
https://grey-panther.net/2007/04/full-disclosure-yet-again.html

By: Cd-MaN (Fri, 06 Apr 2007 05:32:15 +0000)
https://grey-panther.net/2007/04/full-disclosure-yet-again.html#comment-821

I’m calling it ethical hacking because the original article called it that. It is possible that I overreacted a little, however I tend to have strong reactions to posts which (in my opinion) present very one-sided views (because that’s how hype is born :)).

What also bugged me is that he painted Mitnick in a negative light. Now I’m far from being a fan-boy and I know that Mitnick did his share of illegal things – but he got his punishment and I think that he tries to give something back to society (with his book for example which I found really interesting).

Maybe the problem is one of challenge: everybody likes challenge and we (as the security community) should try to present in more detail the challenges we face in our jobs so that capable people know that they can be on the good side and still have a challenging job. For example since working as a malware analyst I appreciate the difficulties of detecting malware more and although I could write an “uber-malware” I won’t because fighting against it is more challenging (and also because I want to be on the good side). Exposing this face of the security land is however difficult because while “cracking” can be performed in solitude, all positive efforts are usually done inside companies where outsiders have less access.

As for the issue of naming things: just because others call themselves something, it doesn’t mean that term should be discredited. For example many “doctors” performed (and maybe still perform) dubious experiments around the world on human subjects, but this doesn’t mean that we should discredit the term “doctor”. Of course there are situations where the odds are against us (like with the term “hacker”), but we should still try.

By: kurt wismer (Thu, 05 Apr 2007 16:00:05 +0000)
https://grey-panther.net/2007/04/full-disclosure-yet-again.html#comment-822

what you seem to be calling ethical hacking sounds like what (as far as i know) is more generally referred to as responsible disclosure…

i suppose it should go without saying that an ethical hacker would follow the responsible disclosure guidelines… of course there’s more to ethical hacking than just responsible disclosure (like, for example, not hacking production systems without permission)…

it seems to me that the referenced post, however, is not an argument for or against the ideal of ethical hacking, but rather a description of how it’s gone wrong in practice and perhaps why it didn’t work out the way it was supposed to… i can’t say i disagree, either, since i’ve certainly seen people claim to be whitehats one moment and then perform blackhat activities (like releasing attack code) in the next… there really are a lot of people claiming to be ethical hackers who deviate wildly from what you or i would consider ethical…
