Archive for March, 2013

If you find a security vulnerability and you live in the US … don’t say anything

Monday, March 18th, 2013

An interesting court verdict in the US today:

Basically a couple of guys who, in 2010, noticed that AT&T was improperly publishing e-mail addresses of customers with iPads and who (a) collected those e-mails and (b) sent the list to the press to point out AT&T’s lapse, got slapped with jail time today.

To be clear: these guys just fetched content from the web which should not have been there. They didn’t “hack” into any system, unless I misread this.

This will doubtless have a chilling effect on security research and on reporting of security problems.

Of course, the bad guys don’t care about such rulings — it just handcuffs (literally in this case) the good guys.

Scary how powerful large corporations have become in the US – it looks like they influence over both the legislative branch of government and over the judiciary.

Date formats

Sunday, March 3rd, 2013

Just noticed this at xkcd:

date formats

I couldn’t have said it better myself. Why do people persist in weird and wacky date formats? What’s the point? Isn’t 2013-03-05 simply better, clearer, shorter, more sortable and basically superior in every conceivable way?

Do different cultures and locales really still need their own, weird, mutually-incomprehensible and obviously-not-as-good-as-ISO date formats? Really?