We've had plenty of stories in the past about security researchers who have faced legal problems after exposing security vulnerabilities in various products or websites, leading to long debates about the border between breaking the law and trying to help protect against vulnerabilities. Plenty of security researchers are now afraid even to report some vulnerabilities, for fear of having the messenger blamed (or, worse, arrested). However, there probably is a line to be drawn somewhere -- and calling up a bank that had a flaw in its website, telling them how to fix it, and then demanding payment for letting them know about it, probably crosses that line. It's one thing to have the company ask you to help them fix a hole you discovered. It's quite another to demand payment. In this case, though, even though the hacker pleaded guilty, the judge let him off, noting that it seemed more a naive mistake than an act of malicious intent.