If you find a security vulnerability and you live in the US … don’t say anything
An interesting court verdict in the US today:
Basically a couple of guys who, in 2010, noticed that AT&T was improperly publishing e-mail addresses of customers with iPads and who (a) collected those e-mails and (b) sent the list to the press to point out AT&T’s lapse, got slapped with jail time today.
To be clear: these guys just fetched content from the web which should not have been there. They didn’t “hack” into any system, unless I misread this.
This will doubtless have a chilling effect on security research and on reporting of security problems.
Of course, the bad guys don’t care about such rulings — it just handcuffs (literally in this case) the good guys.
Scary how powerful large corporations have become in the US – it looks like they influence over both the legislative branch of government and over the judiciary.