Slashdot Mirror
Talk About A Security Hole, Go To Jail?
Nu11.org writes "According to a SecurityFocus article, 'Federal prosecutors in California went too far when they put a man in prison for disclosing a website security hole to the people at risk from it.'" According to the article, "...by explaining how the vulnerability worked, and why customer data was at risk, prosecutors asserted, the security specialist 'impaired the integrity' of the affected network", citing the case of Bret McDanel and his former employer, Tornado Development, Inc. We've discussed the disclosure of software exploits recently.
Federal prosecutors in California went too far when they put a man in prison for disclosing a website security hole
Guess whose hole will need tight security now ?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Nice network you got there. It'd be a shame if something happened to it. Like a security hole getting exploited, right Vinnie?
... the land of free speech.
Talk About A Security Hole, Go To Jail?
Man, 90% of Microsoft's employees must be working out of prison...
The coolest voice ever.
This is disgusting. I can't imagine the sort of idiots who would think that this is a sensible interpretation of the law. What a bunch of useless motherHEYWHATAREYOUDOIdfhg;dkghtjk;htrshy
As I was saying, what a fair and just decision this is. God bless our legal system and all those who work to support it, especially the ones with guns.
Big guns
That aren't in any way being used to coerce me into writing thi';4grhy43gj[w3r#';;4NO CARRIER
Right, because this is JUST LIKE having your face eaten by rats and drinking Victory Gin. Jay-sus, do you pull out your Orwell for EVERY YRO STORY?
guy: "you're using Microsoft products, right?"
customer: "yes, that's correct"
guy: "well that's a huge security hole!"
customer: "no way! we have to keep this secret! come on Jeff, let's put this guy in jail before he tells anyone else!"
...why not just jack some credit card numbers/SSN's/other confidential info from the email system? If it means jail whether you do the good thing or the bad thing, why not make some scratch out of the process?
All's true that is mistrusted
Thats a gross generalization... who does this Lau guy think he is, some kind of philosopher? ;-)
The unofficial
Go directly to jail. Do not pass go. Do not collect 200 dollars. Do not tell others what you found. Let the hole be there for years. Let someone else find it and exploit it and collect 200 dollars.
[alk]
How about "unsecured WEP"? I know of several WEP-active APs that will gladly hand out the WEP keys (at least to the windows wireless configuration crap) It might be the stupidest damn thing in the world, but it's true.
Everyone knows that the best way to let a company know about a security hole is to write a worm that exploits it and release it into the wild.
-R
From the Article:
"The applicable language in the Computer Fraud and Abuse Act make it a crime to "knowingly cause the transmission of information and as a result of such conduct, intentionally cause any impairment to the integrity or availability of data, a program, a system, or information without authorization."
If I am interpreting that correctly, would I be guilty of a federal crime if I send out a mass email that said "OMG, Windows F%^&ing sucks. It just crashed and I lost all my work!!" I am after all intentially try to damage the integrety of a program right?
All further 1, 2, n, n+1 Profit jokes are now obsolete.
Not quite...
4. Sell next version w/fix and new holes
5. Profit (Again)
6. Repeat as needed.
This post is an attempt at humor. If you are lacking in humor and have mod points please see parent post.