|
|
|
|
|
|
by phusion
3678 days ago
|
|
|
This is so wrong, but it's not surprising. We've been reading stories for years of security researchers being charged with a crime or harassed for simply pointing out blatant security holes. What kind of thinking is this? He was doing them a favor. Every time, it seems to me that they are embarrassed by the incident and lash out. WHY!?? We should be treating these researchers like heroes, not kicking in their doors and having the FBI charge them with criminal CFAA violations. Once the chilling effect comes down in full force, we'll have a much less secure Internet. |
|
|
The arrest may have nothing to do with accessing the Public FTP, and entirely to do with the research he was doing on the FTP service itself. If he was attempting to exploit the FTP service hosted by someone else (something or other aboubt database credentials was mentioned), he would absolutely be in violation of CFAA. You do that sort of research on your OWN system.
First rule of security testing: make sure you have permission.