Saturday, April 29, 2006

Collar of the week

The DoJ has brought charges against a security specialist for doing unauthorized penetration testing.

Eric McCarty, 25, is alleged to have probed the USC on-line application system. After discovering an SQL injection vulnerability, he reported it to SecurityFocus rather than the university admins, leading to a series of press reports.

I have been expecting something of the sort to happen for a while: security specialist makes unauthorized probe of system, owner makes complaint to police, prosecution makes a federal case of it.

As always, an indictment is not a conviction, and the press release may not state the full facts. This would not be the first time someone got into trouble for unauthorized penetration testing, but it may be the first that attracts serious attention.

