mailing list archives
Re: ACM.ORG data leak still there 4 days after announcing to CEO John White
From: Valdis.Kletnieks () vt edu
Date: Mon, 22 Feb 2010 15:45:28 -0500
On Mon, 22 Feb 2010 20:19:44 GMT, Benji said:
Does that just cover fraud? Surely a database injection counts as
Does this mean that now anyone can start injecting websites and extracting
data, and aslong as they dont use the data to 'commit fraud or dislose
national secrets', or albeit, it cant be proved, that person is safe?
That's a gray area. Intent does matter:
"naked" - not wearing any clothes.
"nekkid" - naked and up to something.
Do you want to bet 3-5 in the pen that the DA won't be able to convince a jury
you didn't have intent?
That's why it's always recommended you have a written "Get out of jail free"
card when doing a pen test - that significantly raises the bar to proving you
were up to no good.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: ACM.ORG data leak still there 4 days after announcing to CEO John White Stack Smasher (Feb 25)