If you are going to disclose a security issue

Original source:
http://it.slashdot.org/article.pl?sid=08/10/28/0436243
First make sure you have hired a very good lawyer…

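According to Slashdot, a 15-year-old high school student in New York found that a vulnerability in a school server made it easy to obtain the social security numbers, driver's license numbers, and home addresses of past and present employees. He warned the principal through an anonymous e-mail and was charged with three felonies as a result. The student may have had no intention of profiting from the vulnerability, but the act of attempting to break in had already violated the law; that much is beyond dispute. Still, most organizations do not check the security of their servers unprompted, and even those that want to are limited by staffing and funding. Latent vulnerabilities in a system are often discovered by accident, yet system administrators always repay the people who find them with hostility instead of gratitude.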

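What should have been rewarded is punished instead. Fine, then: from now on, people who find a vulnerability will say nothing and simply resell the data they took, since nobody will notice anyway. The result is a vicious cycle that never ends.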

Original text:
Student Charged With Three Felonies For Finding Security Flaw — and Reporting it
Well, yet another teenage hacker who “did the right thing” by reporting a security flaw is being punished for his actions. Although it definitely sounds like the whole story may not be in the clear yet, a 15-year-old New York high school student has been charged with three felonies claiming that he accessed a file containing social security numbers, driver’s license numbers, and home addresses of past and present employees … and then sent an anonymous email to the principal alerting him to the security flaw. “All that was needed to access the information was a district password. School officials have admitted that thousands of students, faculty and employees could have accessed the same file for up to two weeks.”
