Language Selection

English French German Italian Portuguese Spanish

Security Research and Computer Crime - Where do we Draw the Line?

Filed under
Legal

This is interesting - the case of Eric McCarty, a security researcher and sysadmin charged by Federal prosecutors last month with "knowingly having transmitted a code or command to intentionally cause damage" to the University of Southern California's applicant website (I noticed the FBI press release uses the word "sequel" instead of SQL. I hope that wording didn't come from the complaint itself...).

Apparently, McCarty exploited a SQL injection flaw to access student data (which included social security numbers and dates of birth) in the database backing USC's website. He then notified SecurityFocus via email, who notified USC of the vulnerability. USC shut their site down for two weeks while it was being fixed (my guess is the "damage" comes from the fact that USC had to take their applicant website offline, since McCarty didn't do anything malicious with the information). Here is the text of the statute he is alleged to have violated (see section (5)(A)(Sleepy).

The case, and others like it, show the ethical conflict involved in some computer crime prosecutions.

Full Story.

More in Tux Machines

F2FS Feature Work For The Linux 4.11 Kernel

The Flash-Friendly File-System (F2FS) will see new features introduced with the Linux 4.11 kernel. F2FS for Linux 4.11 is making use of a separate thread for discards to avoid latency problems during checkpoints and fstrim, some prep work for open-channel SSD support, on-disk bitmaps are being introduced, and various other changes. Read more

Q4OS 1.8.3, Orion

New update of stable Q4OS 'Orion' desktop is available. Bunch of important packages updates and security patches has been delivered, as well as improvements of the native Q4OS update manager application. All the changes are available for existing Q4OS users via the automatic update process. Work on the next major version, Q4OS 2.3 'Scorpion' continues as the Debian Project also nears end of development cycle for the Debian GNU/Linux 9 'Strech' operating system, upon which Q4OS 2.3 will be based. The release date is preliminarily scheduled at about the turn of April and May 2017. Q4OS 'Scorpion' will be supported at least five years from the official release date. Read more

Games for GNU/Linux

today's howtos