Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission.
Find a bug. Report it. Have the U.S. Attorney claim in court that you are liable for the costs associated with fixing the bug. Go to Jail. Dave Aitel has it right... Retarded... Boy am I glad this wasn't the case a few years back. I know there were some students at Shorter College here in Rome expelled and prosecuting for exploiting a very similiar flaw, but I've not looked into the details of it. There are a lot of problems with Sungard/Banner software/webCT integration. Colleges want to forget all about security - it just has to be easy and cheap. This is retarded and encourages people to keep stuff quiet. Breach case could curtail Web flaw finders |