Current Insight Community Cases

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Navigating The New Business World After This Recession

Check out our CwF + RtB experiment.
Brought to you by Floor64 and the Techdirt crew.

stories filed under: "flaw"
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Wed, Oct 29th 2008 6:47am


Filed Under:
blame, flaw, messenger, security



Where's The Line Between Exploiting A Security Flaw And Alerting People To The Flaw?

from the blurry-lines dept

Over the years we've seen so many stories of the messengers being blamed for finding security holes that you would think that most folks would realize how dangerous it is to do so. After all, that just encourages those who find security holes to keep quiet resulting in huge security vulnerabilities left wide open for those with malicious intent to exploit. However, what happens in cases where someone alerts those responsible for the flaw, but also is exploiting the flaw in some way? Do the lines get blurry?

For example, there's a story making the rounds about a 15-year-old student who has been charged with various crimes after accessing data on school employees. Apparently the school misconfigured its servers, meaning that plenty of students could have gotten access to the file. What's unclear, however, is the student's motive. In the article linked above, it just says that one of the two students who accessed the data "alerted the principal" of the security hole, sending a semi-anonymous email signed from "a student." However, the kid was quickly tracked down and promptly arrested.

On reading that story, it certainly sounds like yet another case of "blame the messenger." But it's not clear if that's really accurate. A local newspaper's version of the story is somewhat different, where it's claimed that the "alert" to the principal was the student sending an email saying "look what I have" as if he were gloating -- rather than alerting the school to a security breach. The police officer involved in the case also claims that the kid "was looking to profit from his criminal act." There aren't any details provided to back that up, but it certainly sounds like there may be more to this story than just a kid alerting officials to a security breach.

16 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Tue, Oct 28th 2008 6:56pm


Filed Under:
android, flaw, messenger, security

Companies:
google



Google Attacks The Messenger Over Android Vulnerability

from the not-very-friendly dept

There was plenty of news over the weekend about a security flaw found in Google's Android mobile operating system that could allow certain websites to run attack code and access sensitive data. The security researchers have said they won't reveal the details of the flaw, even though it's apparently a known flaw that is in some of the open source code in Android that Google did not update. However, that didn't stop Google from attacking the messenger, claiming that the security researcher who discovered the flaw broke some "unwritten rules" concerning disclosure. First of all, there is no widespread agreement on any such "unwritten rules" and many security researchers believe that revealing such flaws is an effective means of getting companies to patch software. Considering that Android's source code was revealed last week, it's quite reasonable to assume that many malicious hackers had already figured out this vulnerability, and making that news public seems to serve a valuable purpose. It's unfortunate that Google chose to point fingers, rather than thanking the researcher and focus on patching the security hole.

29 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Tuesday

1:56pm: Jury Says Fictional Character Can Be Libelous (28)
12:44pm: Spam King Alan Ralsky Gets Four Years In Jail (26)
11:39am: Publishers Getting The Wrong Message Over eBook Piracy (39)
10:28am: Calling For An Independent Invention Defense In Patents (26)
9:12am: Microsoft Tries To Silence Revelation Of Bing Cashback Flaws; Leads To Revelation Of Other Problems (41)
8:03am: Don't Blame Facebook For Some Kids Beating Up Another Student (61)
6:46am: Hulu Telling Sites To Stop Embedding So Much (44)
5:00am: Once Again, If The Gov't Has Data, It Will Be Abused (42)
2:53am: As Expected, Social Networking Generation Running For Office Face Their Permanent Record Online (31)
12:55am: IMAX Sues Cinemark For Building Competing System... While Being An IMAX Customer (14)

Monday

10:26pm: Filmmaker Allowed To Use The Name Rin Tin Tin To Describe Rin Tin Tin (6)
8:25pm: Senators Begin Questioning ACTA Secrecy (32)
6:34pm: Brazil E-Voting Machines Not Hacked... But Van Eck Phreaking Allowed Hacker To Record Votes (15)
5:08pm: FCC Doesn't Think The Lack Of Competition Is A Major Barrier To Broadband? (36)
3:49pm: Heads Of Major Movies Studios Claiming They Just Want To Help Poor Indie Films Harmed By Piracy (47)
2:38pm: USPTO Convinced By Amazon That Online Gift Giving Patent Is Legit (19)
1:31pm: Tiburon Approves Recording Every Car That Enters/Leaves... Despite More Evidence Of Traffic Camera Abuse In UK (89)
12:18pm: Label Exec Arrested For Not Using Twitter To Disperse Crowd At Mall To See Singer (53)
11:01am: Spanish Court Dismisses Complaint From Nintendo Against Counterfiet DS Cartridges, Since They Add Functionality (12)
9:55am: Dear PR People: If Your Exec Has A Comment, Our Comments Are Open (25)
8:44am: What Kind Of Mickey Mouse (And Donald Duck) Lawsuits Are These? (23)
7:30am: Prosecutors Ending Lawsuit Against Lori Drew (13)
6:06am: Dear Rupert: You Don't Succeed By Making Life More Difficult For Users (70)
4:20am: ESPN Writer Suspended From Twitter (59)
2:10am: School Can't Handle Critical Community Message Board; Sends Legal Nastygram (21)

Friday

7:39pm: Liberian Laws Are A Secret Due To Copyright; Even The Gov't Doesn't Have Them (43)
6:56pm: Lily Allen: It's Ok To Sell My Counterfeit CDs, Just Don't Give My Music For Free (97)
6:10pm: EFF Looks To Bust Bogus Podcasting Patent; Needs Prior Art (34)
5:28pm: Google Blocking Set Top Boxes From Showing YouTube Unless They Pay Up? (65)
4:44pm: Entertainment Industry: Yes, Please Keep Negotiating Secret Copyright Treaty To Save Our Asses (43)
More arrow
Quick Links
Close
E-mail It