Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: ACM.ORG data leak still there 4 days after announcing to CEO John White
From: "James W. Lytle" <jlytle () uhcenter com>
Date: Mon, 22 Feb 2010 16:14:57 -0600

Were you contracted by them to conduct a penetration test?  If not, legal or no, it is an ethical violation.  I'm not a 
lawyer, but I have asked questions of lawyers and law enforcement pertaining to similar situations and the answer is 
that it is considered trespassing/breaking and entering and unethical unless there is a binding contract which you are 
fulfilling for a client.

Thanks!

James W. Lytle
Network Analyst
Medical Information Systems
1102 West Macarthur
Shawnee, OK 74804
405.395.5749 (office)
405.647.0364 (pager)
jlytle () uhcenter com
 
This electronic message transmission contains information from Unity Health Center which may be confidential or 
privileged. This information is intended to be for the use of the individual or entity named above. If you are not the 
intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is 
prohibited. If you have received this electronic transmission in error, please notify us immediately by telephone 
(405-395-5749) or by electronic mail at jlytle () uhcenter com 
 


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
bounces () lists grok org uk] On Behalf Of the hacker
Sent: Monday, February 22, 2010 3:44 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
announcing to CEO John White

After raising pressure a little bit (also by writing to this list) ACM
has finally reacted and asked where the problem is.

I told them the details so I guess they will finally be able to fix it.

My opinion is still that I did never try to conceal anything, I gave
them my real contact information and even sent the mail from the same ip
I accessed their site etc., so this should not be illegal.

But of course Benji is right in some way because you can always sue
anybody for anything  - the question is just who will win the trial.

In this case I really don't think it would be worth trying to sue me...

But I think its an important discussion & I look forward to more feedback.

TH





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]