mailing list archives
Re: Pentester convicted..
From: Phoebe Tunstall <foibey () gmail com>
Date: Fri, 12 May 2006 20:52:18 +0100
On Fri, 12 May 2006 13:55:03 -0400
Karyn Pichnarczyk <karyn () sandstorm net> wrote:
> Therefore, the Actual Damage is the re-evaluation of all systems, and
> verification of all data on those compromised systems, to ensure that
> the company's data has not been twiddled with/changed/modified.
I wouldn't argue that what the people mentioned in the articles did was ethical (or particularly sane). However, surely
once a critical flaw like that is discovered at all the data accessed must be considered potentially-compromised,
whether the flaw was discovered by someone who had permission to look or not. The data was available relatively easily
to anyone who took a look. There's a good possibility that there have already been intruders who weren't so gracious as
to identify themselves. The intruder who identifies themselves is not responsible for this "damage", as the damage
exists with or without them. I think the actual damage you refer to is just a logical fallacy to cover the issue that a
piece of critical technology is seriously flawed. An intruder who does nothing to a company but inform them of a
security flaw doesn't hurt the company, as the problem was there before they arrived.
> A defense of "I didn't do anything" does not lend much credence to
> a criminal's testimony.
No, but identifying yourself as the perp does in a few legal systems.