lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Feb 2010 16:14:57 -0600
From: "James W. Lytle" <jlytle@...enter.com>
To: "'the hacker'" <info@...-hacker.info>, "full-disclosure@...ts.grok.org.uk"
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: ACM.ORG data leak still there 4 days after
 announcing to CEO John White

Were you contracted by them to conduct a penetration test?  If not, legal or no, it is an ethical violation.  I'm not a lawyer, but I have asked questions of lawyers and law enforcement pertaining to similar situations and the answer is that it is considered trespassing/breaking and entering and unethical unless there is a binding contract which you are fulfilling for a client.

Thanks!

James W. Lytle
Network Analyst
Medical Information Systems
1102 West Macarthur
Shawnee, OK 74804
405.395.5749 (office)
405.647.0364 (pager)
jlytle@...enter.com
 
This electronic message transmission contains information from Unity Health Center which may be confidential or privileged. This information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify us immediately by telephone (405-395-5749) or by electronic mail at jlytle@...enter.com.
 


> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
> bounces@...ts.grok.org.uk] On Behalf Of the hacker
> Sent: Monday, February 22, 2010 3:44 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
> announcing to CEO John White
> 
> After raising pressure a little bit (also by writing to this list) ACM
> has finally reacted and asked where the problem is.
> 
> I told them the details so I guess they will finally be able to fix it.
> 
> My opinion is still that I did never try to conceal anything, I gave
> them my real contact information and even sent the mail from the same ip
> I accessed their site etc., so this should not be illegal.
> 
> But of course Benji is right in some way because you can always sue
> anybody for anything  - the question is just who will win the trial.
> 
> In this case I really don't think it would be worth trying to sue me...
> 
> But I think its an important discussion & I look forward to more feedback.
> 
> TH
> 
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ