Before you think of being a do-gooder...

Rick Tomaschuk rickl-ZACYGPecefkm4kRHVhTciCwD8/FfD2ys at public.gmane.org
Sat May 27 12:31:02 UTC 2006


Good advice. Much of the computer business is driven by business people
who have no clue or care about the fitness of computer technology for
their applications. It's pathetic. Caveat emptor. Hacking a site is akin
to break and enter in the physical world which may not be a bad idea but
many countries don't have extradition treaties so the situation becomes
much like disarming the law abiding (see: Canadian gun registry).
RickT

http://www.TorontoNUI.ca


On Wed, 2006-05-24 at 00:48 -0400, Walter Dnes wrote:
>   Something that's more likely to happen to us geeks than Joe-Sixpack...
> an article that discusses the pitfalls of disclosing vulnerabilities
> *EVEN TO THE SITE ADMINS*...
> http://www.cerias.purdue.edu/weblogs/pmeunier/policies-law/post-38/
> And don't think that it can't happen here in Canada...
>   - Police and courts here can be just as stupid as in the USA
> 
>   - I'm also quoting a case that happened in Britain
> 
>   - Many websites we deal with here are actually hosted in the US, so
>     extradition is a possibility
> 
>   His recommendations...
>   - don't ask, don't tell.  Don't tell *ANYBODY* even about your
>     suspicions
> 
>   - do *NOT* "investigate further" if you have suspicions.  See...
>     http://www.securityfocus.com/news/11341
> > On December 31, 2004, Cuthbert, using an Apple laptop and Safari
> > browser, became concerned that a website collecting credit card
> > details for donations to the Tsunami appeal could be a phishing
> > site. After making a donation, and not seeing a final confirmation
> > or thank-you page, Cuthbert put ../../../ into the address line. If
> > the site had been unprotected this would have allowed him to move
> > up three directories.
> > 
> > After running the two tests, at between 15.12 and 15.15 on New Year's
> > Eve, Cuthbert took no further action.
>     *HE WAS CONVICTED*
> 
>   - If you *REALLY* *REALLY* *REALLY* know what you're doing, an
>     anonymizer might work.  The vast majority will eventually keel in
>     to search warrants and subpoenas
> 
>   - If you feel that your personal info is at risk...
>     - *DON'T* "investigate further"
>     - see a lawyer and tell him of your suspicions
>     - ask the lawyer to write a cease-&-desist letter, with implications
>       of a possible lawsuit, asking the site to stop potentially
>       exposing your personal info.  (The best defence is a good offence)
> 
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




