
| Subject: | RE: Informing Companies about security vulnerabilities... |
|---|---|
| Date: | Thu, 5 Oct 2006 14:15:16 -0400 |

Although I'm not sure the FBI will come knocking, I would think that he is very lucky if that company does not come after him. (Worst case is that other companies are already looking for him.)

If they did read this list, then that would give them some proof, but he has stated that he sent an email with the issues, so that may be enough proof.

Proof that - He knows that he did. Because he is teaching a class on security he should know it is illegal.

What could be a BIG nightmare for him in the future - If one or more of his students hacked any of the sites that he used to teach them. He could be held just as guilty.

By that I mean: In a class, if I show you how to hack a dummy class site with dummy/fake/easy hacks, there are no real world connections. Anything a student does outside the class would be of their own doing.

BUT.. If I show you the exact steps on how to hack www.xyc.com and then a student does the exact same steps, I am just as guilty. It would be the same as me posting instructions on the internet.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Michael Scheidell
Sent: Thursday, October 05, 2006 2:11 AM
To: pen-test@securityfocus.com
Subject: RE: Informing Companies about security vulnerabilities...

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Joseph McCray
Sent: Wednesday, October 04, 2006 3:07 AM
To: pen-test@securityfocus.com
Subject: Informing Companies about security vulnerabilities...

This probably won't sound like that big of a deal, but it still bothered me so I figured I'd ask the list. I was teaching a Web Application Security class last week and we were performing simple XSS, SQL Injection, etc. on the vulnerable web apps I use for class.

So, what's the pool up to now? I have $50 on two weeks before the FBI closes down the school, takes all the computers in the school, executes a search warrant for every student's computer, and the bright boy teaching the class spends thousands of dollars trying to explain to a Judge (that reads the newspaper about hacks on banks) that what he did was not hacking.