Student Charged With Crime For Telling University Officials About Security Hole
from the blame-the-messenger dept
For many years, we’ve covered case after case after case after case after case after case after case of people being blamed, arrested or even jailed for pointing out a security flaw. It should come as no surprise that many security researchers claim that it’s just not worth it to research security vulnerabilities, since the risk is just too high.
It doesn’t seem like those on the other side are getting the message just yet. Slashdot points us to the latest example, where a student at Carleton University has been arrested and charged with computer hacking after discovering a vulnerability and writing up a 16-paged paper to tell university officials about the vulnerability. A criminal doesn’t write up a huge paper telling officials how to fix their problems. This just scares off people from telling universities that their systems are insecure. Remember, a few years back in Ohio there was a similar situation, with the whistleblower blamed — and then the school didn’t bother fixing the vulnerability, leading to more info being leaked.