Security

Web vulnerability disclosure

Submitted by Scott
Scott (666) writes "I'm submitting my own story on an important topic: Is it illegal to discover a vulnerability on a Web site? No one knows yet but Eric McCarty's pleading guilty to hacking USC's web site was "terrible and detrimental" to tech lawyer Jennifer Granick, who believes the law needs to be at least clarified, if not changed to protect those who find flaws in production Web sites as opposed to those who "exploit" production Web sites. Of course, the owners of sites often don't see the distinction between the two. Regardless of whether or not it's illegal to disclose Web vulnerabilities, it's certainly problematic, and perhaps a fool's errand. After all, have you seen how easy it is to find XSS flaws in Web sites? In fact, the Web is challenging the very definition of vulnerability and some researchers are scared. As one researcher in the story says: "I'm intimidated by the possible consequences to my career, bank account and sanity. I agree with [noted security researcher] H.D. Moore, as far as production websites are concerned: 'There is no way to report a vulnerability safely.'""
United States

Feds Check Credit Reports Without a Subpoena 290

Posted by kdawson
from the thanks-Patriot-Act dept.
An anonymous reader points out that, by using National Security Letters, the FBI and other agencies can legally pull your credit report. The letters have been used by the FBI (mostly) but in some cases by the CIA and Defense Department. From the article: "'These statutory tools may provide key leads for counterintelligence and counterterrorism investigations,' Whitman said. 'Because these are requests for information rather than court orders, a DOD request under the NSL statutes cannot be compelled absent court involvement.'" Recipients of the letters, banks and credit bureaus, usually hand over the requested information voluntarily. A posting at tothecenter.com quotes the Vice President on the use of the letters: "It's perfectly legitimate activity. There's nothing wrong or illegal with it. It doesn't violate people's civil rights... The Defense Department gets involved because we've got hundreds of bases inside the United States that are potential terrorist targets."

Comment: Re:Old hat? (Score 4, Interesting) 190

by madaxe42 (#17601928) Attached to: Ball Lightning Created In the Lab
Yep - easiest way to make ball lightning - light a wide based candle, without any metal in it (no tea-lights!), place it in the microwave, in the middle of the plate. Nuke. Plasma ball appears, candle goes out, and plasma ball remains. Turn off microwave, the plasma stays a few seconds, before descending back into the candle.
