Subscribe to the RSS Feed »

Follow me on Twitter »



Find Programming Jobs

Prosecuting white hat hackers

Should people who break into Web sites and then report the vulnerability to the site owners be prosecuted?

In June of 2005, Eric McCarty discovered a vulnerability on the University of Southern California's online application system. He reported this vulnerability to Security Focus intending for Security Focus to act as a neutral third party to help contact the school and resolve the issue. Working with USC, McCarty
demonstrated, investigated and fixed the vulnerability to ensure their system was secure. A couple of months later, the FBI confiscated his computer. Eight months after that, he was charged with violating 18 U.S.C. 1030(a)(5)(A)(i)(B)(i) Computer Intrusion, a provision under the Patriot Act. The case is being heard now.

This is an intersting story that security researchers will want to follow closely. To learn more–or to offer your support for McCarty–visit his website, freemccarty.com.

Share this: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Sphinn
  • StumbleUpon
  • TwitThis
  • del.icio.us
  • bodytext
  • Technorati
  • Pownce
  • description

Posted May 18, 2006 in Security | Permanent Link
You can follow any responses to this entry through the RSS 2.0 feed. You can also leave a response, or trackback from your own site.

« Firefox Google search plugin and locale redirection
Introducing Spry: Adobe's AJAX framework »

One Response to “Prosecuting white hat hackers”

  1. Sam Stevens Says:
    May 23rd, 2006 at 11:43 am

    Interesting related discussion going on here: Reporting Vulnerabilities is for the Brave.

Leave a Reply