Language Selection

English French German Italian Portuguese Spanish

Security Research and Computer Crime - Where do we Draw the Line?

Filed under
Legal

This is interesting - the case of Eric McCarty, a security researcher and sysadmin charged by Federal prosecutors last month with "knowingly having transmitted a code or command to intentionally cause damage" to the University of Southern California's applicant website (I noticed the FBI press release uses the word "sequel" instead of SQL. I hope that wording didn't come from the complaint itself...).

Apparently, McCarty exploited a SQL injection flaw to access student data (which included social security numbers and dates of birth) in the database backing USC's website. He then notified SecurityFocus via email, who notified USC of the vulnerability. USC shut their site down for two weeks while it was being fixed (my guess is the "damage" comes from the fact that USC had to take their applicant website offline, since McCarty didn't do anything malicious with the information). Here is the text of the statute he is alleged to have violated (see section (5)(A)(Sleepy).

The case, and others like it, show the ethical conflict involved in some computer crime prosecutions.

Full Story.

More in Tux Machines

today's howtos

Android Leftovers

University students create award-winning open source projects

In my short time working for Clarkson University, I've realized what a huge impact this small university is making on the open source world. Our 4,300 student-strong science and technology-focused institution, located just south of the Canadian border in Potsdam, New York, hosts the Clarkson Open Source Institute (COSI), dedicated to promoting open source software and providing equipment and support for student projects. While many universities offer opportunities for students to get involved in open source projects, it's rare to have an entire institute dedicated to promoting open source development. COSI is part of Clarkson's Applied Computer Science Labs within the computer science department. It, along with the Internet Teaching Lab and the Virtual Reality Lab, is run by students (supported by faculty advisers), allowing them to gain experience in managing both facilities and projects while still undergraduates. Read more

Linux 4.17-rc2

So rc2 is out, and things look fairly normal. The diff looks a bit unusual, with the tools subdirectory dominating, with 30%+ of the whole diff. Mostly perf and test scripts. But if you ignore that, the rest looks fairly usual. Arch updates (s390 and x86 dominate) and drivers (networking, gpu, HID, mmc, misc) are the bulk of it, with misc other changes all over (filesystems, core kernel, networking, docs). We've still got some known fallout from the merge window, but it shouldn't affect most normal configurations, so go out and test. Linus Read more Also: Upstream Linux support for new NXP i.MX8