Yes, never take pre-emptive action to protect the people, or your fellow student for that matter. It is the DA's opinion by filing the case that these actions are against the law. In reality you cannot tell if a website is vulnerable without running a test. Would you put your social security number in a school website after all the bad press on school sites preceeding this incident? If you had the know-how, would you test it before you did? There was an apparent discrepency in terms of how many records the site would produce with the exploit upon proxy communication with USC, he then produced more. So, in effect, if your bank's website only produced your credit card number with an exploit run against it, this means they are secure?

Yep, "no grey area", & "cut and dry". "No pre-emptive action", & "Screw the people" it is the only legal way.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11389/33760#33760