

yaplej
Premium
join:2001-02-10
White City, OR

Deter "white hats"?

Will this serve as a deterrent for "white hat" hackers from bringing forward or publishing any security holes they find? I'm sure someone else had already found the hole and been exploiting it for other purposes.

AT&T should have been alerted privately with a disclosure of their intent to publicly announce the security issue within x days. Sending a formal letter certified would have probably been enough evidence in their defence that they warned AT&T about the issue and allowed them time to fix the issue.

Even if they were going to publish the findings willfully knowing it could cause financial damage to AT&T, that should not be grounds for criminal charges. What protections should any organization have against open publication of any discovered security issues?

Honestly though, it seems like something that probably shouldn't have been shared with your 30-some hacker friends online that you really don't know. That makes your intentions look a little more shady.
--
sk_buff what?

Open Source Network Accelerators
»www.trafficsqueezer.org
»www.opennop.org


jc10098

join:2002-04-10
....or continued to exploit the problem to collect 114,000 emails. Then go public with the issue after sharing with his friends. Even if his intent wasn't nefarious, no one knows about everyone else involved.

Either he should have notified ATT immediately, kept his mouth shut and sold the emails anonymously, or given them to WikiLeaks. I'd pick "A" and probably get a nice little bonus from ATT for doing them a huge favor and not going to the "Media".