> > In general, you should probably avoid posting > > information about specific vulnerabilities on > > specific servers. Someday, someone may be held > > liable for negligence for doing that sort of > > thing - I think it's just a matter of time - and > > you probably don't want to be that person. > > I agree, and normally don't do these sort of things, > however there is a long history behind this story. > And I feel that if websites like these HAVE been > given ENOUGH warnings about these security holes > and still DON'T take action, and by doing so put the > personal data of 50.000 clients at stake including > their credit card information, I believe they deserve > to be mentioned. I don't think my mentioning their > names can make responsible for negligence, maybe if > I said go to page xxx and use the following code to > hack their site, would be....
That's the problem with the law - you just can't apply rationality to it. I'm not a lawyer, for what that's worth, but in a civil suit, you're responsible if a lawyer can convince a judge or jury that you're responsible - there's certainly no clear standard, no case law, etc. They may well deserve to be mentioned, in some moral sense, but the law isn't about morals, either. Of course, if you feel strongly enough about it, you may still choose to stand by your beliefs. I just thought it was worth warning you about the potential consequences (you might consider posting such things anonymously, if you feel so inclined). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
