http://news.zdnet.co.uk/security/0,1000000189,39562174,00.htm

By Tom Espiner
ZDNet.co.uk
25 Nov 2008

The US-based Electronic Frontier Foundation has published a guide on how IT professionals can avoid falling foul of the law as a result of ethical hacking.

The Electronic Frontier Foundation (EFF) 'Grey Hat' Guide [1] ponders such questions as what a security researcher should do if they unintentionally "violate the law" in the course of their investigations.

"A computer-security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company's products," the guide states. "By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied."

The EFF said that researchers in this situation could reconstruct research using technology they are authorised to use, or report the flaw in general terms. However, both of these options are "undesirable", the EFF said.

[1] http://www.eff.org/issues/coders/grey-hat-guide

[...]

Received on Wed Nov 26 2008 - 02:14:44 PST