Assuming you're not fed up yet, here's
my analogy:

1. I used to work for a company A, developing
product X. (Pick whatever industry you can imagine, e.g. Firestone tires)

2. There's a security problem with the product and I try to convince management
to fix it.

3a. I quit the company because they're
idiots and I was stupid enough to let them
know what I think of them while I was working
there.
Obviously they don't like me too much.

or

3b. I get fired because I'm an annoying pain
in the posterior who doesn't contribute to
the dilbertesque bottom line. Now I'm pissed.


4. Regardless of motivitation 3a or 3b, I decide something needs to happen to either
help the customers or get even with company A. We will never know the real motive.


5. Action! I get myself some client addresses through google, e.g. 10-50 per day and start emailing them anonymously.

Whether that's a crime or not is for the law to decide, but jail seems a little harsh.

My guess is that company A is more pissed of at Bret than he is at them.

Final conclusion is this is not a company I would like to work for. Having said this they just created double damage for themselves.

P.S.: Was trying to be objective and not trying to defende this guy.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/179/21629#21629