Report Security Problems, Face The Consequences
An Anonymous Coward writes: "Doing a good deed has caused one man a lot of trouble in the past year. Brian K. West, a tech support junkie at a SE Oklahoma ISP, is now facing felony charges for alerting his competition to a serious security flaw in their systems. The full story can be found at LinuxFreak.org ... I find it rather disturbing that our federal government would do such a thing to someone." The details of the story lead to some head-scratching.
Give 'em a whiff of the grape! (or at least the "slashdot effect"!)
You're using her as bait, Master!
Let's say that in the future, company X uses website cookies which contain encrypted information. You're curious, so you capture your HTTP dialog with their website and, after a little fiddling, discover that the cookie is your Social Security Number, base64-encoded. Except that you never gave them your SSN. You call them up:
And the next day you're sued under the DMCA for cracking their "data protection scheme" (base64) and sharing information on how to crack it (with their customer service rep).
Yeah, right, that sounds ridiculous. Could never happen. Not in the USA. We don't do things like that here. All our arrests make sense...
I'm a bloodsucking fiend! Look at my outfit!
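The check the comment above describes (capture the HTTP exchange, pull the cookie out, notice it is only base64-encoded and decodes to an SSN) as an added example, not code from the commenter or from any company. The HTTP response and the cookie value in it are constructed for the example; the function and cookie names are assumptions.

```python
import base64
import re

# Constructed sample response (not a real capture): "session" holds
# base64("123-45-6789"), "theme" is an ordinary cookie.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=MTIzLTQ1LTY3ODk=; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

# US SSN shape: 3-2-4 digits. Shape only; no validity checks on the groups.
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


def parse_set_cookies(raw_response):
    """Return {cookie_name: raw_value} for every Set-Cookie header in a raw HTTP response."""
    headers, _, _body = raw_response.partition("\r\n\r\n")
    cookies = {}
    for line in headers.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        # First "k=v" pair is the cookie; the rest (Path, HttpOnly, ...) are attributes.
        pair = value.strip().split(";", 1)[0]
        cookie_name, eq, cookie_value = pair.partition("=")
        if eq:
            cookies[cookie_name.strip()] = cookie_value.strip()
    return cookies


def try_base64_text(value):
    """Decode a base64 value to ASCII text, or return None if it is not clean base64 text.

    Missing padding is tolerated because some sites strip the trailing '='.
    """
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        return raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def looks_like_ssn(text):
    return bool(SSN_RE.match(text))


def find_encoded_ssns(raw_response):
    """Map cookie name -> decoded SSN for every cookie that is just a base64-encoded SSN."""
    found = {}
    for name, value in parse_set_cookies(raw_response).items():
        decoded = try_base64_text(value)
        if decoded is not None and looks_like_ssn(decoded):
            found[name] = decoded
    return found


if __name__ == "__main__":
    for name, ssn in find_encoded_ssns(SAMPLE_RESPONSE).items():
        print(f"cookie {name!r} is only base64: decodes to SSN {ssn}")
```

The point the comment makes is that base64 is an encoding, not a cipher: anyone holding the cookie can reverse it with a standard library call, so nothing here is "cracked". The same scan applies to any cookie or hidden form field; the SSN regex is just the pattern this comment's scenario calls for.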
I was talking to a friend who still worked at a place where I had been previously employed (both of us in IT), when he mentioned that they had moved their web services to a 'professional' hosting company. I had been playing around with SAINT, and during the conversation (I forget who mentioned it) we decided to scan the machine hosting their site. The scan showed anon FTP with write access. I logged in (anonymous) and noticed that I had write access to the entire site, including all the scripts that dealt with the credit card numbers. After checking to see that the write access was real (I created a file in the root directory containing my name and phone number, and an explanation of what I was doing), I told my friend to have that company called up and have the problem fixed immediately. Later that day, I got a phone call from the 'professional' company that was hosting them, slightly upset at my actions, but just happy that I *was* benign. They could have done the same to me as has been done to Brian West, but instead they fixed their problem, and let me live.
Nathan Brazil?