On Wednesday, 8 January 2014 17:03:39, Adam Back wrote:
What you said is correct, that is what needs to happen (society and law need to move out of the dark ages), and the only way for that to happen is brave canaries with squeaky clean reps, and sharp lawyers to blaze the path.
Indubitably.
My version was just to say be aware of the risks that you would take by even putting your name to a hack, with any disclosure at all. If you don't want to be a canary.
Sure.
Possibly would be advisable to use a lawyer for some anonymity insulation to even sell a hack to one of the disclosure service pimping sites. (They probably are selling them to the NSA/Orwell 2.0 crew so taking their money is probably dirty money.)
Indeed.
Independent security researcher can be risky. Get a legal signed doc from the people you audit, people say (yeah, like they're gonna give you one for an unsolicited investigation).
Yeah, there's an old Soviet saying: "the more paper, the cleaner the arse."
Weev was an independent security researcher after all, in a team even. Goatse Security: http://en.wikipedia.org/wiki/Goatse_Security. They did find some interesting and newsworthy hacking stuff, even won awards from TechCrunch seemingly.
And that's what gets to me. For fuck's sake, people like Weev or Swartz discover holes left by somebody else, why are they the ones getting punished for it? If somebody made a faulty tool, they would pay, not the user exposing the problem. Maybe it's time to try to get some vendor liability/warranty going? I shudder when thinking about that, as that would pose a huge problem for Free Software, I guess, but I think it is worth exploring anyway.

--
Regards,
rysiek