Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Security Legal Minefield

Last June, San Diego-based information technology professional Eric McCarty discovered an SQL-injection flaw in the University of Southern California’s online application system. He downloaded a small number of records to demonstrate the flaw existed and reported it to the University and SecurityFocus. The US Attorney's Office in the Central District of California has now charged McCaty with computer intrusion.

Michael Zweiback, an assistant US Attorney involved in the case said, "It wasn't that he could access the database and showed that it could be bypassed, he went beyond that and gained additional information regarding the personal records of the applicant. If you do that, you are going to face - like he does - prosecution."

There is a fine line for vulnerability researchers to tread between responsibly discovering flaws so that they can be fixed to prevent data theft crimes, and actually committing those crimes during the research.


More Information