Can't Blame The Messenger For Identity Theft Security Problems
from the poking-holes dept
With all of the various data security holes reported over the past few weeks, one aspect that didn't get much coverage was how some of them were discovered. The guy who found out that an online payroll company was exposing plenty of personal data has written up his experience claiming that PayMaxx threatened to sue him for pointing out the flaw. They said it was a violation of the Computer Fraud and Abuse Act -- even though he was just trying to protect his own and others' content. With such an experience behind him, he's pointing out that any real attempt to stop identity theft needs to explicitly allow "white hat" hacking. This way, those who are simply trying to help companies find the security flaws in their system are protected. It's basically a question of whether or not the messenger should be blamed. Still, many will point out that there's a fine line between good Samaritan hacking and malicious hacking -- and some worry that malicious hackers will start claiming good intentions when they're caught. However, if the boundaries are made clear, this shouldn't be a huge problem.