Robert Lemos, SecurityFocus 2006-09-06
Security professional Eric McCarty plead guilty in United States District Court in Los Angeles on Tuesday, admitting that he intentionally exploited a flaw in the online student application Web site of the University of Southern California, federal prosecutors said.
Colapse all |
Post comment
Security pro pleads guilty to USC breach
2006-09-07
John Delance (1 replies)
John Delance (1 replies)
Filling in the data leaks...
2006-09-07
mroonie
mroonie
If a system is going to be structured in a manner that doesn't fully allow people investigating vulnerabilites to actually find them (unless it's through unethcial, legal means) then what's the point? It's not like hackers aren't going to cross over to other servers!
If you really want to try to...
[ more ] [ reply ]
If you really want to try to...
[ more ] [ reply ]
Security pro pleads guilty to USC breach
2006-09-07
ChrisG (1 replies)
ChrisG (1 replies)
I'll agree with Mr. Maiffret that while what McCarty did was not the right thing to do, punishing people who let people know about a vulnerability after they exploited the vulnerability will only succeed in people not telling anyone about that vulnerability (or at least not the organization or vendo...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Security pro pleads guilty to USC breach
2006-09-24
Sort of Anonymous (1 replies)
Sort of Anonymous (1 replies)
Yes, broadly speaking, I agree with your comment. It seems to me that legal authorities do not take any extenuating circumstances into account when deciding whether or not to press a charge. The probability of being charged has more to do with the likelihood of success (prosecution) rather than the ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: Security pro pleads guilty to USC breach
2006-12-28
Anonymous
Anonymous
Yes, I agree, prosecuters only care about getting a win, no matter what the circumstances. Perhaps the prosecuter himself should be prosecuted for interfearing with reasearch in safety.
How many more people will be victims now that security pros are the target instead of the real criminal? Hop...
[ more ] [ reply ]
How many more people will be victims now that security pros are the target instead of the real criminal? Hop...
[ more ] [ reply ]
Security pro pleads guilty to USC breach
2006-09-08
levin (1 replies)
levin (1 replies)
This case prooves the point that fear is the stearing force. They sued the guy out of fear of the unknown. It's easier to blame someone, just in case, rather then understand and evolve.
However, disclosing first, then notifiyng the owner is unprofessional, if the person is a "Security Pro". Ot...
[ more ] [ reply ]
However, disclosing first, then notifiyng the owner is unprofessional, if the person is a "Security Pro". Ot...
[ more ] [ reply ]
Security pro pleads guilty to USC breach
2006-09-18
Anonymous
Anonymous
These cases will lead to people not disclosing vulnerability information to the public or vendors but keeping it to themselves and the underground community.
He hasnt stolen any data. He hasn't dumped the db and disappeared. Yeah punish the good. It will only scare the good from helping you. ...
[ more ] [ reply ]
He hasnt stolen any data. He hasn't dumped the db and disappeared. Yeah punish the good. It will only scare the good from helping you. ...
[ more ] [ reply ]
Security pro pleads guilty to USC breach
2006-12-02
Anonymous
Anonymous
Anyone know why the school didn't admit him? I do not agree with them prosecuting him. I think they did so to save face. Just like the government is/was trying to do with Gary Mckinnon. Instead of hiring top notch people to run their networks, they hire incompetent morons. I used to be a blackh...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]