Current Insight Community Cases

Justifying Your Datacenter Management Improvements

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

CwF + RtB

-- get "looooots of t-shirts"

Brought to you by Floor64 and the Techdirt crew.

stories filed under: "flaw"
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Wed, Oct 29th 2008 6:47am


Filed Under:
blame, flaw, messenger, security



Where's The Line Between Exploiting A Security Flaw And Alerting People To The Flaw?

from the blurry-lines dept

Over the years we've seen so many stories of the messengers being blamed for finding security holes that you would think that most folks would realize how dangerous it is to do so. After all, that just encourages those who find security holes to keep quiet resulting in huge security vulnerabilities left wide open for those with malicious intent to exploit. However, what happens in cases where someone alerts those responsible for the flaw, but also is exploiting the flaw in some way? Do the lines get blurry?

For example, there's a story making the rounds about a 15-year-old student who has been charged with various crimes after accessing data on school employees. Apparently the school misconfigured its servers, meaning that plenty of students could have gotten access to the file. What's unclear, however, is the student's motive. In the article linked above, it just says that one of the two students who accessed the data "alerted the principal" of the security hole, sending a semi-anonymous email signed from "a student." However, the kid was quickly tracked down and promptly arrested.

On reading that story, it certainly sounds like yet another case of "blame the messenger." But it's not clear if that's really accurate. A local newspaper's version of the story is somewhat different, where it's claimed that the "alert" to the principal was the student sending an email saying "look what I have" as if he were gloating -- rather than alerting the school to a security breach. The police officer involved in the case also claims that the kid "was looking to profit from his criminal act." There aren't any details provided to back that up, but it certainly sounds like there may be more to this story than just a kid alerting officials to a security breach.

16 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Tue, Oct 28th 2008 6:56pm


Filed Under:
android, flaw, messenger, security

Companies:
google



Google Attacks The Messenger Over Android Vulnerability

from the not-very-friendly dept

There was plenty of news over the weekend about a security flaw found in Google's Android mobile operating system that could allow certain websites to run attack code and access sensitive data. The security researchers have said they won't reveal the details of the flaw, even though it's apparently a known flaw that is in some of the open source code in Android that Google did not update. However, that didn't stop Google from attacking the messenger, claiming that the security researcher who discovered the flaw broke some "unwritten rules" concerning disclosure. First of all, there is no widespread agreement on any such "unwritten rules" and many security researchers believe that revealing such flaws is an effective means of getting companies to patch software. Considering that Android's source code was revealed last week, it's quite reasonable to assume that many malicious hackers had already figured out this vulnerability, and making that news public seems to serve a valuable purpose. It's unfortunate that Google chose to point fingers, rather than thanking the researcher and focus on patching the security hole.

29 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Monday

11:16pm: That Was Fast: New Detroit Newspaper Lasted An Entire Week Before Shutting Down (2)
9:33pm: Local UK Newspaper Chain Tries A Paywall (13)
7:49pm: The Uselessness Of Amazon's Announcement That Kindle Is Its Best Selling Product (16)
6:08pm: Facebook Photos Coming Back To Haunt Users In Surprising Ways (39)
4:45pm: French Courts Continue To Penalize eBay For Actions Of Users (12)
3:36pm: Dear Peter Mandelson... Dan Bull Sings His Opposition To Kicking People Off The Internet (13)
2:14pm: If We Don't Kick People Off The Internet For File Sharing, Football Will Die (65)
1:00pm: More ACTA Leaks; Still Looking Really Bad (15)
11:37am: Other Legal Work Slow? Start A Practice To Help Patent Trolling (14)
10:23am: One Misguided Tweet Is 'Indisputable' Evidence That Piracy Harms Movies? (63)
9:10am: Italian Prosecutors Assume Google Execs Read All YouTube Comments; Demands Jailtime Over Video (32)
7:33am: Copyright Law Changes In India Could Gut Fair Use (18)
6:00am: UK Pub Owner Fined Due To Unauthorized Downloads On Free Pub WiFi? (42)
3:57am: Suing For Patent Infringement No Replacement For Actually Building A Real Business (31)
1:46am: Mininova Deletes Most Torrents Under Court Threat (49)

Wednesday

7:37pm: Stop Wallowing And Start Doing Cool Stuff With Business Models, The Wil Wheaton Edition (32)
6:51pm: Researchers: Copying And Imitation Is Good For Society (140)
6:05pm: Steve Jobs Tells Startup Startup To Change Names, Saying 'It's No Big Deal' (70)
5:26pm: Profitable 'Pay Us Or We'll Sue You For File Sharing' Scheme About To Send 30,000 More Letters (20)
4:46pm: UK Police Arresting People Just To Add To DNA Database? (18)
4:01pm: Funny How Those In Favor Of ACTA Are Against Treaty Providing More Access To Content For Vision Impaired (6)
3:15pm: Advertising As Content: Newspaper Raising Newsstand Prices For Thanksgiving Papers With Black Friday Ads (11)
2:14pm: Are Entertainment Industry Tactics Working? (50)
1:00pm: Photographer Compares Microstock Sites To Pollution And Drug Dealing (45)
11:48am: If Movie Piracy Is Really A Problem, It's Hollywood's Fault (78)
10:27am: If Google Visitors Are Worthless, It's Only Because Newspaper Execs Don't Know What They're Doing (37)
9:01am: Multitasking Is Our Main Activity (15)
7:33am: Greed vs. Due Diligence: Another Case Of Startup Fraud? (4)
6:01am: Anti-Piracy Group In Spain Fined For Bad Faith Actions Against File Sharing Systems (13)
3:55am: ABA Journal's Patent Application To Score Interview With USPTO Boss David Kappos (18)
More arrow
Quick Links
Close
E-mail It