From: Craig Wright (cwright@bdosyd.com.au)
Date: Thu Oct 05 2006 - 22:35:33 EDT
The police deciding to bring charges is not a decision as to the nature
of the act. This does not make it legal or not. The police will often in
Australia not touch anything with less than $1,000,000 damage or some
large public exposure. This is a resource issue.
This does not make it legal and there are firms who will file civil
suits.
Craig
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of mailing lists
Sent: Thursday, 5 October 2006 6:07 PM
To: joe@learnsecurityonline.com
Cc: pen-test@securityfocus.com
Subject: Re: Ps. Informing Companies about security vulnerabilities...
Ps.
we have had contact with the police a few times after some
reactive_aggressive had
reported a "hackers attack" to them.
but after showing the law enforcers what really happened and how with
prove, they every
time reached the same conclusion with something like "So, they have
wasted our time by
screaming Wolf!, when you guys only did your friendly neighbour duty by
telling them they
didn't lock their car door, and did not take anything from it"
and then the police phoned the complainers with the message, please
stop wasting our
time, we have closed the file.
slight difference with your case, is that we do not actively go out to
find sites and try
attacks on them, we some times notice flaws when following a path from a
paying clients
who ask us to look at the information sources they are using.
but i think there is nothing bad about walking over a parking space and
putting notes
under windshield-wipers of every car that has unlocked doors.
just because most people don't care about their living environment,
doesn't mean that the
few friendly neighbours that still have the guts to stand for doing the
right thing
should be persecuted by those who stand for nothing other then making a
few quick bucks.
so ;) keep up the good work!
there are way too many servers 'leaking' privacy sensitive information,
and the people
who's information is leaked are the real victims, not the rich companies
who are
responsible for leaking it by neglect.
Cheers,
------------
> Has anyone else gone through a similar situation? Was the company
> receptive? Other companies I've contacted in the past have been quite
> receptive - I'm just curious if other people have gone through this as
> well.
>
> No need to fill the list with this, you can email me directly with
your
> inputs and stories.
>
> --
> Joe McCray
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:07 EDT