Sensationalist Security Journalism

IDTheftI just read a post on “21st Century IT” that states “So when a white hat hacker approaches you with information regarding a vulnerability in your network, they should be thanked, not treated like a criminal...”

These reporters decided to take advantage of the fact that a company had exposed sensitive information in order to write-up yet another exploitative article. If they were acting ethically, they would have notified the company discretely, rather than demanding the COO make an on-camera interview regarding the issue. Look up the term “responsible disclosure”.

They are not white hat hackers, they are sensationalist journalists.  If they downloaded the files, their actions are in conflict with the law.

If you had left your back door unlocked, would you appreciate me rattling the doorknob, then posting a big neon lit sign on your front door advertising the fact that the back door is wide open?  Would you mind if I took your TV and microwave just to prove to your neighbors that I had done it?  Yes, the company handled the data poorly. Yes, they should be accountable for handling the data poorly. Yes, the reporters COULD have done the public a service by bringing the issue to the company’s attention with screenshots. Yes, the reporters should expect to be treated in a hostile manner, as that is what they have projected.

Just my humble opinion.

Advertisements