Monday Morning Links
by Revcb 07:16AM Monday Jan 21 2013


cableties
Premium
join:2005-01-27

Youth expelled...

“All software companies, even Google or Microsoft, have bugs in their software,” said Mr. Taza. “These two students discovered a very clever security flaw, which could be exploited. We acted immediately to fix the problem, and were able to do so before anyone could use it to access private information.”

After reading the article, I believe the students' intent was not malicious but one of "Wow, look what I found," and instead of realizing the territory, they just didn't understand the bigger picture (do what you're told, get your grade/degree, then write about it, and maybe even have a job lined up).
--
Splat
rradina

join:2000-08-08
Chesterfield, MO

Re: Youth expelled...

Unauthorized scanning of a system is incredibly stupid regardless of intent. Scanning can create significant traffic on a system that is often malformed. This generally causes exceptional logging and chews up a lot of resources.

Of course anyone, anywhere can start a scan on any Internet-facing system but sooner or later someone responsible for the health of that system is going to notice and at least block the scan. At worst, they'll block it, log it and turn it over to the authorities to investigate.

What I don't understand is the student claims to have discovered the flaw while developing a mobile application. He reported it and later ran a scan to verify it had been fixed. This implies that a scan was initially executed to discover the flaw. I don't understand why scanning the records system API was required to develop a mobile app.

Perhaps if he was scanning his own web service that then linked to the records system but if that's the case, he should have implemented a mock connection and simply scanned his own web service for vulnerabilities.

There may be a cover-up but this is another example of someone extremely brilliant who doesn't have a bit of common sense.

battleop

join:2005-09-28
00000

ISP to FCC Chairman

Why do you do something to help the smaller ISPs reach this goal instead of returning political favors to the big mega huge ISP?
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.
BlueC

join:2009-11-26
Minneapolis, MN

Re: ISP to FCC Chairman

FCC and logic is pretty much the equivalent of oil and water.

All of these M&As within the industry have only made things worse. Of course the FCC seems to be fine with that.