If you find a security vulnerability and you live in the US … don’t say anything

Monday, March 18th, 2013

An interesting court verdict in the US today:

Basically a couple of guys who, in 2010, noticed that AT&T was improperly publishing e-mail addresses of customers with iPads and who (a) collected those e-mails and (b) sent the list to the press to point out AT&T’s lapse, got slapped with jail time today.

To be clear: these guys just fetched content from the web which should not have been there. They didn’t “hack” into any system, unless I misread this.

This will doubtless have a chilling effect on security research and on reporting of security problems.

Of course, the bad guys don’t care about such rulings — it just handcuffs (literally in this case) the good guys.

Scary how powerful large corporations have become in the US – it looks like they have influence over both the legislative branch of government and the judiciary.