The Paradox of Grey Hat Hackers

v3rgEz writes: Troy Hunt, a security researcher who tracked breached websites, reflects on the recent "grey hat" hacking of VTech, in which a hacker downloaded millions of kids' photos, chat logs, and more, to blow the whistle on a serious vulnerability. The attacker went way beyond responsible disclosure, offering the data directly to a reporter, but the ensuing publicity got VTech to clean up their act and maybe helped parents better understand the dangers of lax security. Is grey hat ok when it's done for the greater good?

Sue insecure sites.

[GrantRobertson]

What we need is a business model for law firms to profit from suing insecure sites just as the music industry has law firms that support themselves entirely from suing copyright infringers. Said law firms would solicit for "expert witnesses" to provide information as to which sites may be insecure. The law firm then does research (through legal means) to find enough people, who have information on the site, to constitute a class action lawsuit. They file the suit and pay their expert witnesses a fee for their testimony. No one can retaliate against the expert witness because that would be witness tampering. The expert witness would be working on behalf of the plaintiffs rather than working independently.