BreachExchange mailing list archives
Re: Details on AOL search log disclosure
From: lyger <lyger () attrition org>
Date: Tue, 8 Aug 2006 00:21:12 -0400 (EDT)
On Mon, 7 Aug 2006, Joshua Reich wrote: ": " Now that we all have the list -- how ethical are we being by using it, for ": " whatever purposes? ": " ": " Which ethical guidelines apply in this circumstance. ": " ": " (would type more but sliced hand opened a harddrive last night) ": " ": " Josh Reich Not an easy question to answer, but a good one. First, AOL did actually remove the original list from their public web space, which was a wise move. However, they didn't do so until copies were distributed across the internet. At this point, no legal action will be able to remove the data from hard drives across the world. Second, ethics. There will probably be several differing opinions regarding distribution and use of the list or dataset. Personally, I have seen raw sets of breached data. Was I happy about it? No. Did it make me uncomfortable? Yes. Did I seek the opinions of others in the security industry about viewing said data? Absolutely. The best piece of advice I received was this: Do no harm. Look, but don't touch. Don't distribute for commercial gain. Try to understand the data itself, but don't use it for anything other than self-education. Side note: make sure any data breach is reported to the appropriate people, whether company supervisors or law enforcement authorities. If you know something, they should too. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- Details on AOL search log disclosure lyger (Aug 07)
- Re: Details on AOL search log disclosure Dennis Opacki (Aug 07)
- Re: Details on AOL search log disclosure Chris Walsh (Aug 07)
- Re: Details on AOL search log disclosure Joshua Reich (Aug 07)
- Re: Details on AOL search log disclosure lyger (Aug 07)
- Re: Details on AOL search log disclosure security curmudgeon (Aug 08)
- Re: Details on AOL search log disclosure Jon Passki (Aug 10)
- Re: Details on AOL search log disclosure Joshua Reich (Aug 07)