Member Forums > iago's forum
come home
Sidoh:
--- Quote from: iago on December 16, 2010, 02:17:02 pm ---
--- Quote from: rabbit on December 16, 2010, 01:49:57 pm ---
--- Quote from: iago on December 16, 2010, 12:29:55 pm ---
--- Quote from: deadly7 on December 16, 2010, 11:41:36 am ---
--- Quote from: iago on December 16, 2010, 09:08:18 am ---I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.
And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.
--- End quote ---
I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.
--- End quote ---
Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).
--- End quote ---
Quick! Move to Iraq!
--- End quote ---
Isn't Iraq owned by the US now?
--- End quote ---
Either way, it's not exactly friendly. :)
--- Quote from: iago on December 16, 2010, 09:08:18 am ---
--- Quote from: deadly7 on December 16, 2010, 01:36:41 am ---
--- Quote from: iago on December 15, 2010, 09:00:52 am ---No, I'm not really sure what gave you that idea.. :P
--- End quote ---
Why would you be afraid of legal action if you aren't a national of the US? I highly doubt Canada would extradite you like that, if push came to shove.
I mean, assuming you haven't gotten passwords to the NYSE admin accounts or something. If you did that I would bow.
--- End quote ---
I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.
And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.
--- End quote ---
Release it anonymously!
I don't think it's unambiguously wrong from a moral standpoint.
iago:
--- Quote from: Sidoh on December 16, 2010, 02:44:23 pm ---Release it anonymously!
I don't think it's unambiguously wrong from a moral standpoint.
--- End quote ---
I think it is. I have 5 million passwords belonging to ~15 million users. I'd be directly harming some proportion of those users. That makes it wrong in my mind.
Additionally, there is some malice at play - somebody stole these, and right now investigators are trying to find that person/people. If I release it with the name of the company in question, those people are going to be tipped off that others know what's going on and will likely be more difficult to find.
Sidoh:
My suggestions are in jest.
I still don't think it's absolutely wrong, though, even if it does hurt people.
deadly7:
--- Quote from: Sidoh on December 16, 2010, 04:42:18 pm ---I still don't think it's absolutely wrong, though, even if it does hurt people.
--- End quote ---
If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.
iago:
--- Quote from: deadly7 on December 16, 2010, 04:46:28 pm ---
--- Quote from: Sidoh on December 16, 2010, 04:42:18 pm ---I still don't think it's absolutely wrong, though, even if it does hurt people.
--- End quote ---
If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.
--- End quote ---
This isn't about Gawker - those passwords are out there and everybody has them. And they aren't doing *that much* damage - it isn't that important of a site, most people register with crap passwords to comment.
What we're talking about is a large financial site with 10x as many passwords breached. I have the passwords, but I don't want to name the site or anything until it hits the press on its own. It's being actively investigated. :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version