"Over protecting intellectual property is as harmful as under protecting it. Culture isn't possible without a rich public domain. [...] Culture, like science and technology, grows by accretion..."
~Federal 9th Circuit Court of Appeals Judge, Alex Kozinski
As Nate Harrison so eloquently quoted:
"Over protecting intellectual property is as harmful as under protecting it. Culture isn't possible without a rich public domain. [...] Culture, like science and technology, grows by accretion..."
~Federal 9th Circuit Court of Appeals Judge, Alex Kozinski
http://nkhstudio.com/pages/amen_mp4.html
http://youtube.com/watch?v=5SaFTm2bcac
"Welcome to the collective. Please turn in your life. You can pick up your hot grits in room 404."
:)
Hey man I went to where I thought 404 was but all I got was a lousy error. Can you show me where the grits are?
I see what you are saying and I agree to an extent, but really if someone important is affected by this then the need for reform wasn't communicated efficiently or thoroughly enough. What I mean is that if a bug is found and appropriately disclosed, and one can PROVE that risk can be mitigated by taking certain measures, then [I assume] an organization would take those precautions.
Perhaps again, I am being too optimistic? ... I'm sure there are people who, even if it made sense to them, would succumb to the call of the dollar.
I guess it depends on who is making the call
Crazy talk I tell ye' -Mars
First and foremost, I've been a Slashdot lurker, and finally registered for an account because I think I have something of value to say here.
So, I think you guys have totally overlooked the point of all this. The way he talks about fixing the airline boarding pass security issue highlights to me that he is a security-minded individual and has taken this step because he's noticed a vulnerability and has generated a proof of concept to illustrate the need for reform. This is often the only way to spark change rapidly in a ginormous looming organization as many of these airlines are. In my opinion, this public disclosure of a vulnerability is no different than the daily postings on SecuriTeam or Remote-Exploit or similar sites.
I see the argument then being "well, he probably said that to get out of a lawsuit". While I'm in no position to agree or disagree, from a larger perspective, even if that was the case, this vulnerability has been addressed, the ball is in the airlines' court to clean up their mess. He knew that was how it would go down, and that makes this guy a whitehat. He convinced the FBI of this, and that's why they dropped the charges. We may not have the most reliable and efficient government in the world, but hey at least they are trying to embrace technology. I'd like to think that our government recognizes the need for public disclosure of *SOME* vulnerabilities to enact change... but that may be too optimistic of me.
Security is never absolute, and I am a firm believer that we cannot enhance our own security without first understanding how to break it. This guy is the bug finder, who will fix the bug? Long story short --> chalk one up for the whitehats!
And if dude wasn't white? Well .. I'm not touching that with a ten foot pole-arm +1 even.
just my .02 ;P
-Marspeace'n'reallylouddrumandbass