
Full Disclosure mailing list archives

Re: ACM.ORG data leak still there 4 days after announcing to CEO John White
From: Valdis.Kletnieks () vt edu
Date: Mon, 22 Feb 2010 15:45:28 -0500

On Mon, 22 Feb 2010 20:19:44 GMT, Benji said:

> Does that just cover fraud? Surely a database injection counts as
> unauthorised access?
>
> Does this mean that now anyone can start injecting websites and extracting
> data, and as long as they don't use the data to 'commit fraud or disclose
> national secrets', or albeit, it can't be proved, that person is safe?

That's a gray area. Intent does matter:

"naked" - not wearing any clothes.
"nekkid" - naked and up to something.

Do you want to bet 3-5 in the pen that the DA won't be able to convince a jury
you didn't have intent? 

That's why it's always recommended you have a written "Get out of jail free"
card when doing a pen test - that significantly raises the bar to proving you
were up to no good.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
