Talk About A Security Hole, Go To Jail?
Nu11.org writes "According to a SecurityFocus article, 'Federal prosecutors in California went too far when they put a man in prison for disclosing a website security hole to the people at risk from it.'" According to the article, "...by explaining how the vulnerability worked, and why customer data was at risk, prosecutors asserted, the security specialist 'impaired the integrity' of the affected network", citing the case of Bret McDanel and his former employer, Tornado Development, Inc. We've discussed the disclosure of software exploits recently.
Nice network you got there. It'd be a shame if something happened to it. Like a security hole getting exploited, right Vinnie?
Talk About A Security Hole, Go To Jail?
Man, 90% of Microsoft's employees must be working out of prison...
The coolest voice ever.
guy: "you're using Microsoft products, right?"
customer: "yes, that's correct"
guy: "well that's a huge security hole!"
customer: "no way! we have to keep this secret! come on Jeff, let's put this guy in jail before he tells anyone else!"
Go directly to jail. Do not pass go. Do not collect 200 dollars. Do not tell others what you found. Let the hole be there for years. Let someone else find it and exploit it and collect 200 dollars.
[alk]
Everyone knows that the best way to let a company know about a security hole is to write a worm that exploits it and release it into the wild.
-R
All further 1, 2, n, n+1 Profit jokes are now obsolete.
Not quite...
4. Sell next version w/fix and new holes
5. Profit (Again)
6. Repeat as needed.
This post is an attempt at humor. If you are lacking in humor and have mod points please see parent post.