cerias.purdue.edu — The risks associated with reporting vulnerabilties are discussed in this recent CERIAS weblogs post. In the end, the author decides that the risks are too great, and decides that in the future, he will stay safe by staying quiet. Was this the right decision, or is reporting an issue regardless of the risks a moral necessity?
May 22, 2006 View in Crawl 4
miaowMay 23, 2006
this highlights my main concern with the net. websites and internet companies are too slack and too arrogant. and like the guy says if they here about it then its the reported person that will be targetted. It seems to me that all you need is something not patched in your compiter and you visit a website and you are in trouble (as an example)its an ideal situation for trojan, rootkit users. I think most of the net should be https for a start.It highlights how mediocre most companies are in our business world. If someone runs a rotten call-centre, the chairman will likely never realise. This is the general standard for most companies imho. With internet security, that sort of standard isn't good enough. We live in a world of shoddy standards except when it can't be hidden.
Closed AccountMay 23, 2006
Here in Oz there are instances where some ungrateful bastard who had CPR administered to them sued the pants of the person who SAVED them because they left bruising from the CPR itself!I let my 1st Aid certs lapse because of this sort of thing, plus if I don't help I can get sued as well!Its insane!!
nightwing2000May 23, 2006
I recall the story about a professor who was so confident of his system's security, he challenged the students, in class, to break in to the college mainframe. A pair of students simply lifted the ceiling tiles and climbed into computer room, where the administrator console was always logged on. Guess who had no sense of humour about the situation? Guess what happened to the students? (Hint - "Break and Enter").
kestralMay 23, 2006
For the cynical, there is an old saying that says: No good deed goes unpunished.