|
-
August 4th, 2007, 11:54 AM
#1
There ain't no law in Michigan
This dirtbag needs taking down, and fast!
http://www.snpx.com/cgi-bin/news55.c...20885329?-2622
Over here we have laws dealing with the following offences:
1. Demanding money with menaces
2. Extortion
Finding vulnerabilities in other people's software is one thing. Demanding to be paid for it or you will make it public is totally unacceptable.
As I said, this "start-up" needs to be "shut-down" 
-
August 5th, 2007, 07:43 AM
#2
Junior Member
Would it still be as bad if they just offered it to the person who is willing to pay the most? At least they give the company a better chance.
-
August 5th, 2007, 10:12 AM
#3
Hello rhin0, and welcome to AO,
Would it still be as bad if they just offered it to the person who is willing to pay the most? At least they give the company a better chance.
Yes it would. You can buy a lot of stuff on the internet............SSNs, CCns and the like. It is illegal, as is the sale of hacking software.
I guess this guy would be up for:
1. Incitement to commit a felony
2. Aiding and abetting (assuming the knowledge was used maliciously).
You see, other than the software vendor, the only people to whom the information might possibly have a monetary value is to those with criminal intent.
The concept of responsible disclosure is controversial, as software vendors do not have a sacred right to sell crapware, and might be reasonably expected to rectify vulnerabilities in their applications. If they don't, then disclosure might be considered to be in the public interest.
If you want to see examples of how this should work, just check the two RSS feeds on the front page of this site. Security Focus and the National Vulnerability DB.
Another thought is that when you buy or download software you do not own it. You are licenced to use it in accordance with the terms of the EULA. They all expressly forbid reverse engineering, which is how you would detect vulnerabilities.
For example, using a toolset like this on proprietary code would violate the EULA:
http://www.technologismiki.com/prod.php?id=31
Open source?...............fine, there is no-one to blackmail, so it is of no interest to this scumbag. Anyways, the open source community is as open about vulnerabilities as it is about its code.............. by finding them you are actually contributing to the project, but don't expect to get paid 
What you should bear in mind is that if someone irresponsibly discloses details of a vulnerability in software that you are using, they are putting you directly at risk?
Similar Threads
-
By gore in forum Tech Humor
Replies: 14
Last Post: November 4th, 2005, 01:20 PM
-
By Egaladeist in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: October 30th, 2005, 06:25 AM
-
By gore in forum Tech Humor
Replies: 10
Last Post: August 7th, 2005, 04:39 PM
-
By gore in forum Tech Humor
Replies: 14
Last Post: November 5th, 2003, 02:15 PM
-
By gore in forum Tech Humor
Replies: 16
Last Post: July 24th, 2003, 01:06 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote