, SecurityFocus 2006-04-26
Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission.
Expand all |
Post comment
In other words, shoot the messenger
2006-04-26
Anonymous (1 replies)
Anonymous (1 replies)
Re: In other words, shoot the messenger
2006-04-26
Anonymous (5 replies)
Anonymous (5 replies)
Breach case could curtail Web flaw finders
2006-04-26
Anonymous (7 replies)
Anonymous (7 replies)
If it was anyone else, I would sympathize
2006-07-21
Anonymous (1 replies)
Anonymous (1 replies)
If he sold the database to spammers or the russian mafia, then his actions would have been wrong. He did not act wrongly.
The system serves up information on the internet. It is the responsibility of the system owners to serve up sensitive information in a secure manner.
McCarty didn't bring down the server, and he acted in a responsible and sensible manner after researching the system. He did nothing destructive.
However, the school acted irresponsibly in serving up sensitive information in an insecure fashion. The school as an organization is responsible for securing the students' information and should be sued for their gross negligence. Their intentions may have been good, but it doesn't matter. They put the sensitive information at risk that they are responsible for and should be held accountable.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/11389/33778#33778