Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
The Sad Tale of a Security Whistleblower
Mark Rasch, 2003-08-18

Federal prosecutors in California went too far when they put a man in prison for disclosing a website security hole to the people at risk from it.

Comments Mode:
(shrug) - he had it coming. 2003-08-18
Penguinisto (6 replies)
(shrug) - he had it coming. 2003-08-18
Anonymous (1 replies)
(shrug) - he had it coming. 2003-08-18
Beelezubb (4 replies)
(shrug) - he had it coming. 2003-08-18
Anonymous (2 replies)
(shrug) - he had it coming. 2003-08-19
Anonymous
no good deed goes unpunished 2003-08-20
Anton Sherwood (1 replies)
no good deed goes unpunished 2003-08-25
Anonymous
(shrug) - he had it coming. 2003-08-18
CyCOtiC (2 replies)
(shrug) - he had it coming. 2003-08-19
Beelezubb
(shrug) - he had it coming. 2003-08-19
Anonymous (1 replies)
(shrug) - he had it coming. 2003-08-19
Anonymous
(shrug) - he had it coming. 2003-08-19
Mark D. Rasch (1 replies)
ah - that should've been included in the article, then... 2003-08-21
Penguinisto (1 replies)
Posting to BugTraq does not get you off the hook... 2003-08-26
Anonymous
(beelezubb!) - he had it coming. 2003-08-19
scamerone
Re: (shrug) - he had it coming. 2003-08-18
Anonymous (1 replies)
Re: (shrug) - he had it coming. 2003-08-19
Anonymous (1 replies)
he had it coming? I don't think so!. 2003-08-19
Jack.R.Abbit
(shrug) - he had it coming. 2003-08-19
Anonymous (2 replies)
Analogies 2003-08-19
SCamerone (1 replies)
Analogies 2003-08-19
Anonymous-Jerk (2 replies)
Analogies 2003-08-20
Drg (1 replies)
Analogies 2003-08-26
Anonymous
Analogies 2003-08-27
SCamerone
"Free Speech"? Puh-leeze. 2003-08-21
Penguinisto (1 replies)
"Free Speech"? Puh-leeze. 2003-08-21
Anonymous
(shrug) - he had it coming. 2003-08-20
Anonymous (1 replies)
(shrug) - he had it coming. 2003-08-21
Penguinisto
(shrug) - he had it coming. 2003-08-26
Anonymous
Re: (shrug) - he had it coming. 2008-02-12
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (5 replies)
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (2 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower - Wakeup 2003-08-19
Anonymous (1 replies)
The Sad Tale of a Security Whistleblower - Wakeup 2003-08-29
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
APS
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (2 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Brian
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (1 replies)
Uh, did you guys read the same story I did? He did NOT break in through the hole that he discovered (and tried to get Tornado to fix). He sent Email warning the customers of the vulnerability.
That seems to be a pretty freaking reasonable facsimile of "responsible disclosure" to me: tell the company and they do nothing, then tell the people at risk.
As to the "break into the house to prove the deadbolt is broken" argument, that's bogus. More like "sent him an email to tell him the deabolt is defective". Most normal people would consider that a favor, not cause for 18 months in jail. I hope he sues the pants off of the company *and* especially the prosecutor.
My $0.02.
Surreal

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/179/21536#21536
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (2 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-20
Drg (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-22
Anonymous
The good, the bad and the ugly. 2003-08-18
Mabrick (2 replies)
The good, the bad and the ugly. 2003-08-18
Elc0chin0 (1 replies)
The good, the bad and the ugly. 2003-08-22
Anonymous
The good, the bad and the ugly. 2003-08-19
Anonymous (1 replies)
The good, the bad and the ugly. 2003-08-25
Tomdaq
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
TomV
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (8 replies)
The Sad Tale of a Security Whistleblower 2003-08-18
Chris Humphries (3 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
The Big Mac
The Sad Tale of a Security Whistleblower 2003-08-19
Judith (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-20
Elc0chin0
The Sad Tale of a Security Whistleblower 2003-08-21
Morosoph
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Steve.
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of Unthinking Knee-Jerking 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-21
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Bob Radvanovsky (3 replies)
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-20
Leif Ericksen
The Sad Tale of a Security Whistleblower 2003-08-19
Elc0chin0 (2 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
Bob Radvanovsky
The Sad Tale of a Security Whistleblower 2003-08-20
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-20
Leif Ericksen
The Sad Tale of a Security Whistleblower 2003-08-18
John Poindexter (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
Elc0chin0
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-18
Anonymous (1 replies)
The Sad Tale of a Security Whistleblower 2003-08-19
jofny
The Sad Tale of a Security Whistleblower 2003-08-18
Old Grue
He did the right thing. 2003-08-18
Anonymous
It might have been better to talk to the press. 2003-08-18
Anonymous (2 replies)
It might have been better to talk to the press. 2003-08-19
Anonymous
It might have been better to talk to the press. 2003-08-19
Bob Radvanovsky (1 replies)
It might have been better to talk to the press. 2003-08-19
Elc0chin0
The Sad Tale of a Security Whistleblower 2003-08-19
Ashamed US Citizen
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
Bill Gates deserves jail 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
aXe-2-gRiND
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
I was there when this happened 2003-08-19
Anonymous (3 replies)
it seems you were also at slashdot 2003-08-20
Anonymous
I was there when this happened 2003-08-20
Drg
I was there when this happened 2003-08-27
SCamerone
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Jerry Westrick
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
Idiot 2003-08-19
Anonymous (1 replies)
Idiot 2003-08-19
Elc0chin0
How To Properly Send Security Flaw Alerts 2003-08-19
Anonymous
Read it yourself. 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower or How to cover your corporate @$$ when sweeping a problem under the rug 2003-08-19
Ashaman (1 replies)
The Sad Tale of a Security Whistleblower or How to cover your corporate @$$ when sweeping a problem under the rug 2003-08-19
Elc0chin0 (1 replies)
The Sad Tale of a Security Whistleblower or How to cover your corporate @$$ when sweeping a problem under the rug 2003-08-19
Ashaman (1 replies)
The Sad Tale of a Security Whistleblower or How to cover your corporate @$$ when sweeping a problem under the rug 2003-08-20
Elc0chin0
Just where he has got the email addresses from? 2003-08-19
Anonymous (1 replies)
Just where he has got the email addresses from? 2003-08-19
Anonymous (3 replies)
Just where he has got the email addresses from? 2003-08-20
Anonymous
Just where he has got the email addresses from? 2003-08-20
Anonymous
Just where he has got the email addresses from? 2003-08-20
Anonymous
As the saying goes... 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
blacklight
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous
Rebel Without a Cause 2003-08-19
The Resonating Oscillator (3 replies)
Rebel Without a Cause 2003-08-20
Anonymous
Rebel Without a Cause 2003-08-20
Anonymous
Rebel Without a Cause 2003-08-20
Elc0chin0
The Government has gone too far. 2003-08-19
GWB (1 replies)
The Government has gone too far. 2003-08-19
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-19
Anonymous (2 replies)
The Sad Tale of a Security Whistleblower 2003-08-20
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-20
Bob Radvanovsky
Much thanks to a brave individual!! 2003-08-20
Gary
What about Cali's New Law? 2003-08-20
Nick Jacobsen (1 replies)
What about Cali's New Law? 2003-08-21
Mark D. Rasch (1 replies)
What about Cali's New Law? 2003-08-22
Elc0chin0
Discrepancies 2003-08-20
Kat (1 replies)
Discrepancies 2003-08-21
Elc0chin0
Why does Mark Rasch lie about his past jobs? 2003-08-20
One who knows (2 replies)
Why does Mark Rasch lie about his past jobs? 2003-08-24
Anonymous
Why does Mark Rasch lie about his past jobs? 2003-08-25
At The Bow's End
The Sad Tale of a Security Whistleblower 2003-08-20
Drg
Oh, BTW, your zipper is open 2003-08-22
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-22
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-22
Anonymous (1 replies)
Factual References 2003-08-26
Mark D. Rasch (1 replies)
Factual References 2003-08-26
Bob Radvanovsky
The Sad Tale of a Security Whistleblower 2003-08-22
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-23
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-25
Anonymous
The Sad Tale of a Security Whistleblower 2003-08-26
Robert H
The Sad Tale of a Security Whistleblower 2003-08-28
Anonymous
Fine 2003-08-28
agent1
Blame Hollywood! 2003-08-28
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus