If You Are Going to Disclose a Security Issue
Original source:
http://it.slashdot.org/article.pl?sid=08/10/28/0436243
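First make sure you have hired a very good lawyer…
According to Slashdot, a 15-year-old high school student in New York discovered a flaw in his school's server that made it easy to obtain the social security numbers, driver's license numbers and home addresses of past and present employees. He warned the principal through an anonymous email, and as a result was charged with three felonies. The student may have had no intention of profiting from the flaw, but the attempted intrusion itself had already broken the law; that is beyond doubt. Still, most organizations do not check the security of their servers unprompted, and even those that want to are limited by staffing and funding. Latent flaws in a system are often discovered by accident, yet system administrators always repay these people's help with hostility.
What should have been rewarded was punished instead. Fine, then: from now on, whoever finds a flaw will say nothing and simply resell the stolen data, since nobody will notice anyway. The result is an endless vicious cycle.
Original text: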
Student Charged With Three Felonies For Finding Security Flaw — and Reporting it
Well, yet another teenage hacker who “did the right thing” by reporting a security flaw is being punished for his actions. Although it definitely sounds like the whole story may not be in the clear yet, a 15-year-old New York high school student has been charged with three felonies claiming that he accessed a file containing social security numbers, driver’s license numbers, and home addresses of past and present employees … and then sent an anonymous email to the principal alerting him to the security flaw. “All that was needed to access the information was a district password. School officials have admitted that thousands of students, faculty and employees could have accessed the same file for up to two weeks.”