| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <422CACF11DC12749A90D4925C40E7746092EC0DC@SHWNCEXCH1.SRH-1.local> Date: Mon, 22 Feb 2010 16:14:57 -0600 From: "James W. Lytle" <jlytle@...enter.com> To: "'the hacker'" <info@...-hacker.info>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: ACM.ORG data leak still there 4 days after announcing to CEO John White Were you contracted by them to conduct a penetration test? If not, legal or no, it is an ethical violation. I'm not a lawyer, but I have asked questions of lawyers and law enforcement pertaining to similar situations and the answer is that it is considered trespassing/breaking and entering and unethical unless there is a binding contract which you are fulfilling for a client. Thanks! James W. Lytle Network Analyst Medical Information Systems 1102 West Macarthur Shawnee, OK 74804 405.395.5749 (office) 405.647.0364 (pager) jlytle@...enter.com This electronic message transmission contains information from Unity Health Center which may be confidential or privileged. This information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify us immediately by telephone (405-395-5749) or by electronic mail at jlytle@...enter.com. > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure- > bounces@...ts.grok.org.uk] On Behalf Of the hacker > Sent: Monday, February 22, 2010 3:44 PM > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after > announcing to CEO John White > > After raising pressure a little bit (also by writing to this list) ACM > has finally reacted and asked where the problem is. > > I told them the details so I guess they will finally be able to fix it. > > My opinion is still that I did never try to conceal anything, I gave > them my real contact information and even sent the mail from the same ip > I accessed their site etc., so this should not be illegal. > > But of course Benji is right in some way because you can always sue > anybody for anything - the question is just who will win the trial. > > In this case I really don't think it would be worth trying to sue me... > > But I think its an important discussion & I look forward to more feedback. > > TH > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists