Can you be legally prosecuted for informing a local businesses of a network vulnerability that did not require you to do any form of hacking/cracking to access and was left wide open on their network? Would this fall under responsible disclosure?
Can you be legally prosecuted for informing a local businesses of a network vulnerability that did not require you to...
Ryder Baker
Other urls found in this thread:
Dominic Miller
It's happened too many times before where the informant somehow ends up in jail. I'd just leave it alone unless you know someone at the business. I've also been a part of this sort of thing where I was in the company already and they didn't listen anyway. You're generally wasting your time with this because there's no reward no matter what happens and you can only end up worse off. Companies simply don't give a shit, even when it ends up with them losing money.
Robert Brooks
Wouldn't they have to prove you broke in to something beyond reasonable doubt? Isn't it equivalent to leaving your front door open amd them getting angry if someome looks inside?
Carter Taylor
Just exploit the vulnerability, don't be a cuck
Brayden Howard
I already reported the vulnerability, guy asked what did i hack, made it very clear i didn't hack anything amd it was out of concern for customer data amd privacy. They thanked me for it, even if he looked at me all shifty and shit. No cops were called. Did i just get lucky?
Logan Turner
Even if you did and there were no consequences, someone else would take the credit. Fuck 'em.
Matthew Morgan
why didn't you send them a fucking letter or something
Benjamin Lee
So they have hard text evidence to use against me?
Leo Martin
I suppose you could be arrested for peeking into your next door neighbors teenage daughters bedroom window, without actually breaking in and raping her? Quit probing, it's illegal too.
Adrian Nelson
Its hard to know what to do. the _right_ thing to do is report it. But Youll wind up being thrown in jail for "hacking".
How do you know about the vulnerability? What is it exactly?
The best option might be to make an example of it, slightly wreck shit, but dont steal anything. They usually get the message that way.
>tfw elderly woman at my insurance company is infront of a computer all day that just happens double as their POS computer
>tfw its got normal internet
>tfw it runs w
>MFW she says "the computers been really slow" right before she swipes my card
Levi Evans
>windows*
Daniel Bell
weev got jailed because of it because the judge and prosecutor were tech illiterate.
Aaron Lee
Anyone tech literate would probably hire you on the spot. Anyone who is tech illiterate would want to put you in jail. It depends alot.
Tyler Brooks
> be me
> work uses wifi with no password, outdated ssh
> for the production mainframe that would cost the company $800 a second in losses
:^)
Charles Howard
This
Dog anything otherwise is a major sign that you're a nu-male cuckold
Gavin Flores
They left some networking equipment unsecured that didn't request the password to access on public wifi that had the passwords of their segregated wifi networks displayed just by visiting the web interface. I told them it was a concern for customer data depending on what the traffic contained on each network.
Julian Edwards
Just submit an anonymous tip from a library or something if it's that important.
Otherwise fuck them.
Blake Hughes
Send it anonymously
Hudson Reyes
Apple also was being a cunt, hopefully nobody exposes any of their vulnerabilities from now on and just sells the info for the highest bidder.
Jacob Diaz
Libraries require an account with "your" ID.
Lucas Ross
You are an idiot.
NEVER (offer to) help companies. They will fuck you over just for the heck of it. You don't want to be the messenger that their security sucks, they'll just sue you and gloat about how they're taking action against the evil hackers.
Connor Moore
haven't you guys seen the weev documentary? that guy went to jail just for discovering a bug
>In 2010, Auernheimer and a colleague discovered that AT&T had accidentally published the private e-mail addresses of its iPad customers to an AT&T-owned Web site. Auernheimer then wrote automated software to harvest the e-mail addresses of more than 100,000 iPad users. He passed this information to Gawker.
Jacob Bailey
There is no "right thing" to do
The CFAA is intentionally vague and will never be updated so that lawmakers have the ability to do whatever they want to hacker dissidents because politicians are scared shitless of what they can do.
Leo Powell
Are you autistic? He did much more than just discover the bug