On Thu, 19 Apr 2007, Edward Lewis wrote:
At 18:30 -0500 4/17/07, Gadi Evron wrote:
http://www.theregister.com/2007/04/17/hackers_service_terminated/
"A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers."
I don't see any part of the story that indicates that the ISP did wrong, I see plenty that the student did wrong. E.g., did the student ever try to discreetly raise the issue with the ISP before going public?
I believe he covers his good, or lacking, disclosure policy in his blog. Fact is, he "hacked" (read telnet) his own modem. Looking at the lack of security response and seriousness from this ISP, I personally, in hindsight (although it was impossible to see back then) would not waste time with reporting issues to them, now. Gadi.
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar
Sarcasm doesn't scale.