Talking about the various computer security issues and exploits, let me put forth a simple question to all the computer geeks. Let's consider that you use a particular system (something like a service provider, hereafter referred to as the system), and while you use that system you find a big security exploit which, when exploited, can result in a loss of thousands of dollars for that company. One will get to know that such an exploit exists once he has tried that exploit.
At this point, the person who found that exploit uses the vulnerability, checks the various possibilities, and confirms that it is a serious exploit which has to be dealt with. Now he can do many things: go and publicize it and become famous, use it for his personal use, or report it to the concerned authorities of the company from which that product or system has been released. So, if he is ethical enough, he is going to report it to that company. In this case he has already violated the policy of the company by exploiting the security hole, but he has reported it to the company. On the other hand, without exploiting the security hole he cannot confirm that such a vulnerability exists. Or, as I term it, without violating the policy of the company he cannot check whether the exploit he smells is really an exploit or not. Now he has done it and reported it to the company.
Now the company does not respond at all after he has intimated them several times about it. Can the user who found the exploit be busted under law because he exploited the security hole, even though he informed the company? The confusing issue here is: what if the company to which he reported doesn't get back to him after all the intimations he has made? I personally feel that this means the company is trying to figure out the exploit by itself.
So in such a situation, what is to be done? A normal user finds an exploit, confirms it by testing it, and reports it to the company but gets no reply. The user is tempted to check that exploit again and again to see whether it is fixed, and he sends intimations to the company again and again. But no response. What should be done?
Security Vulnerability In A System
Started by nirmaldaniel, Feb 19 2010 07:35 AM














