Divide by Null - undefined

Infinitesimals

Voicemail has its uses, for example, when one won't be able to pick up the phone for a while but needs to relay a message immediately, or when other forms of communication are not possible, i.e. e-mail or texting is inconvenient or irrelevant.

However, I still usually end up ignoring it, thus rendering most of the pros moot.

(1) Oct 10, 08 - 10:18 AM

On the subject of high school friends, just because you're different, doesn't mean you can't be friends.

(0) Jun 17, 07 - 10:41 PM

Pi is wrong.

Well, actually, maybe it would just be better to use what is currently known as 2*pi. I've always thought it would be easier if sine and cosine had periods that were just pi, not 2pi.

So should pi be 6.283185...? Should pi be the ratio of the circumference of a circle to its radius, instead of diameter? If so, it would take about 50 years for this to gain any momentum in the mathematical community.

(0) Apr 20, 07 - 12:07 AM

White hat, black hat, and ethics

Sunday, June 25, 2006 | 3:44:31 PM

It seems that one person who tried to help reveal a security flaw to a large university was reprimanded for his actions. In turn, the university did nothing to correct the problem. A few years later, a few people with malicious intent discovered the same flaw and exploited it, extracting personal information (including SSNs) from over 367,000 files.

Those who accidentally encounter a security flaw are advised to keep quiet about it.

Thus it becomes a question of personal or public safety. If one alerts the company, they may either thank them and fix it, punish them and fix it, or punish them and ignore it. If you keep quiet, you would be aiding the crime a la criminal negligence. Then again, no one would know.

This is definitely not the first time something like this has happened. It's all about ethics, pride, and suspicion. Telling them the flaw is ethical. You'd be helping them and potentially saving them from problems in the future. If they have too much pride, they will disregard it and deny having any problem at all. Then, they may also be suspicious, thinking that the white-hat hacker has more to hide and has previously exploited the vulnerability.

Some companies actually employ people to hack into their system to uncover vulnerabilities so that the IT department can fix them. The difference here is that they were given permission.

Let's shift it to me. I know how to crack some Masterlocks. I haven't caused any serious problems aside from switching locks and such, merely in jest. I have not gone in to steal someone's personal items. I have the knowledge, but I don't abuse it. I haven't told anyone how I do it either. I merely point them to the internet, as that's how I found out. I have actually helped people by cracking locks that have found their way to the wrong locker or whose combination has been long forgotten.

The problem is, can we trust people to use such information only for good? Or rather, that they haven't already used it for evil?

And to companies who have been shown a security flaw and ignored it... what's wrong with you!? It's like leaving a time bomb in your office and hoping it won't explode (or say... a levee in New Orleans?). The effort to fix the problem before it's compromised might be time-consuming and tedious, but it's nothing in comparison to the effort required after it gets out of hand. Hey, some people like to gamble, I guess.
