Language Selection

English French German Italian Portuguese Spanish

Security Research and Computer Crime - Where do we Draw the Line?

Filed under
Legal

This is interesting - the case of Eric McCarty, a security researcher and sysadmin charged by Federal prosecutors last month with "knowingly having transmitted a code or command to intentionally cause damage" to the University of Southern California's applicant website (I noticed the FBI press release uses the word "sequel" instead of SQL. I hope that wording didn't come from the complaint itself...).

Apparently, McCarty exploited a SQL injection flaw to access student data (which included social security numbers and dates of birth) in the database backing USC's website. He then notified SecurityFocus via email, who notified USC of the vulnerability. USC shut their site down for two weeks while it was being fixed (my guess is the "damage" comes from the fact that USC had to take their applicant website offline, since McCarty didn't do anything malicious with the information). Here is the text of the statute he is alleged to have violated (see section (5)(A)(Sleepy).

The case, and others like it, show the ethical conflict involved in some computer crime prosecutions.

Full Story.

More in Tux Machines

EC publishes open source code of legislation editor

The European Commission is about to make available as open source a prototype of LEOS, a software solution for drafting and automatic processing of legal texts. The software currently supports legal texts issued by the EC, yet can be extended to support other legislative processes. Read more

Lenovo ThinkPad L450 comes with Ubuntu

Canonical, the commercial sponsor of Ubuntu, has announced that Lenovo will start shipping Ubuntu preloaded devices starting with ThinkPad L450 laptop series this month. The laptops will be on sale at selected commercial resellers and distributors at Rs 40,000. Read more

Leftovers: Kernel

openSUSE Leap 42 Is a New Version That Will Change the openSUSE Project

The openSUSE community has spoken, and the name and version of the new openSUSE release have been chosen. The project is undergoing some major changes, and they had to illustrate that with a name that sells it. Read more