Orchid XP v8 wrote:
> Warp wrote:
>
>> No good deed goes unpunished. (Although this is certainly not the worst
>> case of someone reporting security weaknesses to some company and getting
>> sued for it.)
Agreed, the "shoot-the-messenger" mind-set seems to be endemic.
> The trouble is, if you say "hey, your security is really weak, you
> should fix it", people tend to not believe you. And if you walk up and
> say "hey, your security is really weak, I just hacked all your systems",
> they go "OMG, you're a hacker! DIE!!!"
>
> There seems to be no way to win.
>
> Of course, from the other side, *anybody* can walk up and claim that a
> system is insecure. That doesn't necessarily mean they know what the
> hell they're talking about. And if somebody breaks into your system, you
> can either enjoy the bad publicity of having "poor security", or you can
> sue the person, which makes them look like the bad guy, not you.
>
> It's easier and cheaper to scapegoat somebody else than fix the problem...
>
My problem here is that the young hacker in question seems to have been
naive rather than malicious.
1. Hacking the system without permission is not legal.
2. Pointing out the vulnerabilities (and taking the time
to compile a report) is helpful.
3. Actually producing and printing out the list of user
passwords was probably overkill.
IMO what the lad should have done was to offer to demonstrate the
vulnerabilities whilst their techies were present.
Of course, he may have already tried going down that route but was
turned down in which case he turned to the course of hacking the system
to get attention. I suppose that will be presented in his defence if the
case actually gets to court.
My advice to Carleton, drop the charges and talk to the student. Point
out the error of hacking a system without permission but thank him for
helping to ensure the system is now secured. (I assume they have patched
the holes :-) )
BTW Look at the guy's name. I trust this is not another "war-on-terror"
overreaction.
John
--
"Eppur si muove" - Galileo Galilei