Language Selection

English French German Italian Portuguese Spanish

Security Research and Computer Crime - Where do we Draw the Line?

Filed under
Legal

This is interesting - the case of Eric McCarty, a security researcher and sysadmin charged by Federal prosecutors last month with "knowingly having transmitted a code or command to intentionally cause damage" to the University of Southern California's applicant website (I noticed the FBI press release uses the word "sequel" instead of SQL. I hope that wording didn't come from the complaint itself...).

Apparently, McCarty exploited a SQL injection flaw to access student data (which included social security numbers and dates of birth) in the database backing USC's website. He then notified SecurityFocus via email, who notified USC of the vulnerability. USC shut their site down for two weeks while it was being fixed (my guess is the "damage" comes from the fact that USC had to take their applicant website offline, since McCarty didn't do anything malicious with the information). Here is the text of the statute he is alleged to have violated (see section (5)(A)(Sleepy).

The case, and others like it, show the ethical conflict involved in some computer crime prosecutions.

Full Story.

More in Tux Machines

Linux on Servers

  • IBM i Open Source Business Architect Lays Out A Plan
    Enterprise level application development is no place for open source languages. Can you believe it? That was once the widely accepted truth. Jiminy Crickets! Things have changed. The number of the stable open source distributions available with comprehensive support and maintenance goes well beyond common knowledge. Industry giants, successful SMB players, and mom and pop businesses are finding good reasons to use open source. Even IBM uses open source for internal business reasons. There are reasons for you to do the same.
  • Lightning Talk - Realizing the Multi-Cloud Promise of Kubernetes by Blake White, The Walt Disney Co.
  • How Disney Is Realizing the Multi-Cloud Promise of Kubernetes
    The Walt Disney Company is famous for “making magic happen,” and their cross-cloud, enterprise level Kubernetes implementation is no different. In a brief but information-packed lightning talk at CloudNativeCon in Seattle in November, Disney senior cloud engineer Blake White laid out a few of the struggles and solutions in making Kubernetes work across clouds.
  • Puppet Launches its Latest State of DevOps Survey
    Folks who are focused on container technology and virtual machines as they are implemented today might want to give a hat tip to some of the early technologies and platforms that arrived in the same arena. Among those, Puppet, which was built on the legacy of the venerable Cfengine system, was an early platform that helped automate lots of virtual machine implementations. We covered it in depth all the way back in 2008. Fast-forward to today, and Puppet is still making news, creating jobs and more.

today's howtos

More Games

Red Hat News