| ▲ | petcat 15 hours ago |
| It doesn't matter if you brute forced their crappy login with commonly-used credentials. You think it's OK for someone to rummage around in your garage just because they correctly guessed your keycode was 12345? Of course not. |
|
| ▲ | RankingMember 15 hours ago |
| Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage? |
| |
| ▲ | ecb_penguin 14 hours ago |
| > Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage? |
| There is no law for "white-hat hackers". You don't get to break into a system because of the color of your hat. "White-hat hackers" have contracts, or very specific rules of engagement. Having run many a bug bounty, if someone was malicious, we would absolutely work to prosecute. You can also find bugs in software freely, as long as you don't obtain unauthorized access to other people's systems. |
| ▲ | tptacek 14 hours ago |
| This isn't true: there is, jurisdictionally dependent and I think also dependent on DOJ norms, a broad exception for good-faith white hat vulnerability research that would otherwise violate CFAA. Like I said, CFAA is very complicated in practice. |
| |
| ▲ | dpassens 14 hours ago |
| (I don't know enough about the CFAA to know whether this is true so I'll assume it is.) To continue the garage door analogy, you wouldn't walk up to any random garage door and try code 12345 to help protect the owner's stuff, would you? |
| ▲ | RankingMember 12 hours ago |
| To stick with this analogy: I think a white hat equivalent would be more like driving down the street with a garage door remote set to a default code and then notifying anyone whose door opens in response that they should change their code. I don't think that should be illegal. |
|
|
|
| ▲ | account42 14 hours ago |
| You think walking through an unlocked door should result in federal charges? |
| |
| ▲ | ptero 13 hours ago |
| Walking through an unlocked door that has a sign "private property, do not enter", searching for sensitive information, finding it and exposing it surely could. Or not, depending on how the party who owns what's inside that door feels. But if it feels he should be prosecuted, then hell yes, the state should do that. My 2c. |
| ▲ | Ekaros 14 hours ago |
| So what about using rakes or bump keys? Very low tech, very easy. Can defeat some poor quality locks. |
| ▲ | petcat 14 hours ago |
| So now the door is unlocked?? Where are the goal posts? Don't mess with people's stuff if they don't want you to. This seems very simple to me. But I'm aware that you're trying to find some fringy gray area where you think it will be OK to mess with people's stuff even though they don't want you to. |
| ▲ | Dylan16807 4 hours ago |
| If we're making an analogy to the Weev case then yes the door was unlocked, with the explicit intent that the general public could come through that door and access some of the documents. |
|
|
|
| ▲ | boston_clone 15 hours ago |
| I'm more focused on the assertion that "The CFAA isn't super complicated." Which raises sincere doubts about the commenter's credibility to make such a claim. |
| |