[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] ACM.ORG data leak still there 4 days after announcing to CEO John White
- To: "'the hacker'" <info@xxxxxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after announcing to CEO John White
- From: "James W. Lytle" <jlytle@xxxxxxxxxxxx>
- Date: Mon, 22 Feb 2010 16:14:57 -0600
Were you contracted by them to conduct a penetration test? If not, legal or
no, it is an ethical violation. I'm not a lawyer, but I have asked questions
of lawyers and law enforcement pertaining to similar situations and the answer
is that it is considered trespassing/breaking and entering and unethical unless
there is a binding contract which you are fulfilling for a client.
Thanks!
James W. Lytle
Network Analyst
Medical Information Systems
1102 West Macarthur
Shawnee, OK 74804
405.395.5749 (office)
405.647.0364 (pager)
jlytle@xxxxxxxxxxxx
This electronic message transmission contains information from Unity Health
Center which may be confidential or privileged. This information is intended to
be for the use of the individual or entity named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution or use
of the contents of this information is prohibited. If you have received this
electronic transmission in error, please notify us immediately by telephone
(405-395-5749) or by electronic mail at jlytle@xxxxxxxxxxxxx
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-
> bounces@xxxxxxxxxxxxxxxxx] On Behalf Of the hacker
> Sent: Monday, February 22, 2010 3:44 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
> announcing to CEO John White
>
> After raising pressure a little bit (also by writing to this list) ACM
> has finally reacted and asked where the problem is.
>
> I told them the details so I guess they will finally be able to fix it.
>
> My opinion is still that I did never try to conceal anything, I gave
> them my real contact information and even sent the mail from the same ip
> I accessed their site etc., so this should not be illegal.
>
> But of course Benji is right in some way because you can always sue
> anybody for anything - the question is just who will win the trial.
>
> In this case I really don't think it would be worth trying to sue me...
>
> But I think its an important discussion & I look forward to more feedback.
>
> TH
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/