Language Selection

English French German Italian Portuguese Spanish

Security Research and Computer Crime - Where do we Draw the Line?

Filed under

This is interesting - the case of Eric McCarty, a security researcher and sysadmin charged by Federal prosecutors last month with "knowingly having transmitted a code or command to intentionally cause damage" to the University of Southern California's applicant website (I noticed the FBI press release uses the word "sequel" instead of SQL. I hope that wording didn't come from the complaint itself...).

Apparently, McCarty exploited a SQL injection flaw to access student data (which included social security numbers and dates of birth) in the database backing USC's website. He then notified SecurityFocus via email, who notified USC of the vulnerability. USC shut their site down for two weeks while it was being fixed (my guess is the "damage" comes from the fact that USC had to take their applicant website offline, since McCarty didn't do anything malicious with the information). Here is the text of the statute he is alleged to have violated (see section (5)(A)(Sleepy).

The case, and others like it, show the ethical conflict involved in some computer crime prosecutions.

Full Story.

More in Tux Machines

Subresource Integrity Support Ready For Firefox 43, Chrome 45

With the upcoming releases of the Mozilla Firefox and Google Chrome web-browsers is support for the W3C Subresource Integrity (SRI) specification. The Subresource Integrity feature allows web developers to ensure that externally-loaded scripts/assets from third-party sources (e.g. a CDN) haven't been altered. The SRI specification adds a new "integrity" HTML attribute when loading such assets where you can specify a hash of the file source expected -- the loaded resource must then match the hash for it to be loaded. Read more

today's leftovers

Linux Switches/Routers

today's howtos