Do cyber vigilantes make the computing world safer?
Over the past week, hacker group Goatse Security revealed thousands of email addresses of iPad users it had mined via a hole in AT&T’s Website, including addresses belonging to high-profile military leaders, politicians, and business execs. Meanwhile, a security engineer at Google made public a vulnerability in Windows XP, before Microsoft had a chance to fix it, and it’s being exploited even as I type this.
There are striking similarities between the two occurrences, most notably the justification that Goatse and Google’s Tavis Ormandy provided for sharing their findings with the world — and potentially putting innocent users at risk. Both are effectively claiming the moral high ground, arguing that they had to share their findings for the greater good because Microsoft, AT&T, and indirectly Apple were not taking the appropriate steps quickly enough to protect users.
Their arguments raise an interesting question: Should we view Goatse and Ormandy as heroic Batman-esque vigilantes who are taking computer security into their own hands, causing a little collateral damage along the way? Or are they more of the Joker-like megalomaniac variety, stirring up chaos for laughs?
Google’s Ormandy publicized the hole in Windows XP just five days after sharing it with Microsoft. Ormandy claims he released the information because Redmond refused to create a patch within 60 days. “I’m getting pretty tired of all the ’5 days’ hate mail. Those five days were spent trying to negotiate a fix within 60 days,” Ormandy tweeted on Saturday.
Meanwhile, Goatse Security member Escher Auernheimer stated in a recent blog post that AT&T deserved what it had coming for failing to promptly alert users that their information had been stolen. “AT&T had plenty of time to inform the public before our disclosure. It was not done. Post-patch, disclosure should be immediate — within the hour. Days afterward is not acceptable,” he wrote. “It is theoretically possible that in the span of a day (particularly after a hole was closed) that a criminal organization might decide to use an old data set to exploit users before the users could be enlightened about the vulnerability.”
Details:
Submitted on Wednesday, June 16th, 2010 at 3:00 am in News by steve
