RE: Spot a Software Bug, Go to Jail?

[Alex Eckelberry <AlexE () sunbelt-software com>]

Umm... It's actually a bit scary, too.  There has to be a good samaratin
type of protection for this.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Fergie
Sent: Wednesday, May 10, 2006 11:21 AM
To: funsec () linuxbox org
Subject: [funsec] Spot a Software Bug, Go to Jail?


This has got to be one of the most asinine things I've ever heard of.

Via Wired News.

[snip]

A new federal prosecution again raises the issue of whether computer
security experts must fear prison time for investigating and reporting
vulnerabilities.

On April 28, 2006, Eric McCarty was arraigned in U.S. District Court in
Los Angeles. McCarty is a professional computer security consultant who
noticed that there was a problem with the way the University of Southern
California had constructed its web page for online applications. A
database programming error allowed outsiders to obtain applicants'
personal information, including Social Security numbers.

For proof, the man copied seven applicants' personal records and
anonymously sent them to a reporter for SecurityFocus. The journalist
notified the school, the school fixed the problem, and the reporter
wrote an article about it.

The incident might have ended there, but didn't.

[snip]

More here: http://www.wired.com/news/columns/circuitcourt/0,70857-0.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.