Access your Pro+ Content below.
Can a computer security researcher go too far?
This article is part of the January/February 2012 issue of Information Security magazine
Centuries of literary works and real-life scenarios have depicted the battle of good versus evil: God versus Satan; Hamlet vs. Claudius; Darth Vader vs. Luke; Cubs vs. Sox; NBA players vs. NBA owners. In the security community, it’s the Security Researcher vs. the Corporation. The reality is that in most of these scenarios, the characters are simply flawed or have differing agendas, neither of which are truly good or evil. I have been following the security community for 15 years and I have seen the good, the bad and the ugly associated with researchers releasing their findings and the corporate responses. It is a point of constant conflict in the industry. A few cases have led me to question whether computer security researchers can go too far and whether the companies they research really are the bad guys: George "GeoHot" Hotz “mod’ing” the Sony PlayStation console; Patrick Webster vs. First State Superannuation in Australia; and Charlie Miller vs. Apple. In each case, I draw an analogy to buying a riding lawn mower. I ...
Features in this issue
Attackers are targeting new vectors such as smartphones, social media and cloud services. Enterprises need to up their game.
Managing mobile device risks tops the list of priorities for security pros this year.
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.
Security experts say there are better alternatives to copyright protection.
Columns in this issue
An examination of three cases illustrates that it’s not always a clear case of good vs. evil.
Security expert Marcus Ranum talks with Joel Yonts, a seasoned security executive with a passion for information security research.
Prominent security and Internet thinkers and leaders have become an effective lobby on Capitol Hill and played a big role in squashing SOPA.