From: smcmahon at eiv.com (Shawn McMahon)
Subject: Sql Injection big5 consultancy

On Tue, Jun 24, 2003 at 07:03:48PM +0000, joseph blater said:
> 
> Thanks for all the valuable input, I decided I will just STFU and keep it 
> to myself. Let them discover it when some bad guy drops their databases and 
> own their box. Better than facing a prossecution because of security 
> professionals and developers trying to blame their incompetency on me (I 
> can even imagine the "extorsion cracker"). Altough my country doesnt have 
> any police forensics or especific laws, things could get nasty.

That's not that far-fetched a concern.  Remember:

http://www.landfield.com/isn/mail-archive/2001/Aug/0150.html
http://www.sweetliberty.org/issues/tidbits/briankwest.htm
http://www.usdoj.gov/criminal/cybercrime/WestPlea.htm
http://lists.insecure.org/lists/politech/2003/Jan/0106.html

Brian K. West was sentenced to 3 years probation, and is now a convicted
felon, for poking around not dissimilar to yours.  Note that the travel
restrictions he's under would prevent travelling to either of the large
cities in Oklahoma.  He's essentially confined to a rural existence
unless he gets permission.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux	  | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030624/c8f8527d/attachment.bin

Powered by blists - more mailing lists