Here is a very good article about Security researchers going to jail for doing the right thing. They find a flaw in some instituition/company website, one that exposes valuable or personal information, and they do the good deed and tell the instituition/company about the flaw allowing them to fix it (which most likely they would never have found on their own until some bad guy came in and stole all the information and banckrupted them and their customers/clients). So how do they say thanks to the good guy? They take him to court and sue him for computer intrusion. This is so very backward thinking, and shows how badly they DONT understand security. If I found out a business did this I would not want to be associated with them or in any kind of financial/priviledged relationship with them. They are destined to fail and leak out my information to the real bad guys cause they don’t take security seriously, they are only concerned with their image (which apparently they don’t protect very well either).
Anyway, it’s a good read, and hopefully instituition will learn that they want these researchers on their side, not against them, or worse, out of the picture completely (which affects all of us).
