Hello hello

[Joe]

That's right. Sidoh goes to school with felons. Don't mess with him.

As far as I know, that was total bullshit.  He found a vulnerability and got in trouble for showing an administrator a proof of concept.

I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Regardless, that's not what I'm talking about.

[Newby]

I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Read my mind. Explaining the vulnerability is good, but PoC was overkill. :|

[iago]

I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Yes, it should be. It shouldn't be any different from breaking into somebody's house, sitting on their couch, and watching their TV until they came home.

In any case, the situation was more complicated than that. 

[Sidoh]

I don't think showing administrators proof of concepts on public machines in your library is a good idea, but it shouldn't be a felony though.

Yes, it should be. It shouldn't be any different from breaking into somebody's house, sitting on their couch, and watching their TV until they came home.

In any case, the situation was more complicated than that. 

Correct me if I'm wrong, but isn't a proof of concept just showing that an vulnerability exists, without actually using it for anything malicious?

I'd say it's more like opening the door, leaving it alone and then demonstrating it for the person who owns the house so that they can fix the door, but maybe my definition is all screwy?

I've heard things about the situation, but I figured they were just rumors... I'm guessing I don't know much about it because I didn't really know anyone in the vL group very well around the time it happened.

[iago]

Correct me if I'm wrong, but isn't a proof of concept just showing that an vulnerability exists, without actually using it for anything malicious?

I'd say it's more like opening the door, leaving it alone and then demonstrating it for the person who owns the house so that they can fix the door, but maybe my definition is all screwy?

I've heard things about the situation, but I figured they were just rumors... I'm guessing I don't know much about it because I didn't really know anyone in the vL group very well around the time it happened.

Yes, that's correct. However, the person in question (to summarize) found the vulnerability, used it to install software for his own purposes, and eventually alerted the staff. So I think the situation I posed makes sense.

[Joe]

So basically he walked in to the house, made some popcorn and watched TV for an hour, then left leaving the door open? Gotcha.

[Sidoh]

Yes, that's correct. However, the person in question (to summarize) found the vulnerability, used it to install software for his own purposes, and eventually alerted the staff. So I think the situation I posed makes sense.

I see.  I totally agree, then.  I wasn't aware of anything else he did.

[Camel]

So basically he walked in to the house, made some popcorn and watched TV for an hour, then left leaving the door open? Gotcha.

Leaving the door open would be inviting others who are unfamiliar with the door's lack of locks to come in.

I think in this case, he just left the lights and the heat on.

Mmm, popcorn.

[Krazed]

Hey cool, we've gone up in the world. We're #236 on google now.