You wouldn't go break into someone's house just to tell each member of the family just how insecure Daddy's deadbolt installation was, would you?

FWIW, if I were this guy, I'd just post the vuln and its explanation to Bugtraq and similar lists, and be sure to name names. If that didn't shame Tornado into fixing the problem, then they deserve whatever gets laid on them by the first script kiddie to take advantage of it.

It just doesn't make sense to go in (esp. if you're no longer an employee) and take matters into your own hands.

As far as the prosecution, IMHO they had a wide variety of laws that had already been broken by the guy - there was no sense in convoluting a law just to make an example of him.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/179/21525#21525