Re: Youth expelled from Montreal college after finding "sloppy coding" that compromised security of 250, 000 students personal data

[Jim Murray <jim () digitaldaemons co uk>]

Bad example to set for others - these companies really need to think 
before they reach for the lawyer.

Next time some student discovers a flaw in a piece of software what's he 
more likely to do now...

A : Report it and get threatened/kicked out of college/arrested

or

B : Sell the exploit on the underground anonymously and make some cash.

Corporate behavior like this is damaging both to the corporation and to 
society, the sooner that lesson is learned the better for everyone.

Jim.


On 21/01/2013 3:26 PM, Rich Kulawiec wrote:
> (h/t to Nadim Kobeissi)
>
>         Youth expelled from Montreal college after finding "sloppy coding" that compromised security of 250,000 
> students personal data
>         
> http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/
>
> Same old story, complete with the customary vacuous denial-by-assertion:
>
>         "We acted immediately to fix the problem, and were able to do
>         so before anyone could use it to access private information."
>
> Riiiiiiight, so you weren't good enough to avoid creating the vulnerability
> in the first place, yet you are somehow omniscient enough to know that
> nobody, that's right, NOBODY, exploited the hole before you fixed it.
>
> ---rsk
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.