Friday, November 7, 2008

Another Example of Why Banning Security Research is Bad

This article comes from Schneier, and it is yet another example of why banning legitimate security research, or even condemning it, is bad. This is similar to the case of the Dutch research team that hacked the RFID transit system cards (which were also being used for access to secure government buildings). The company that manufactured the cards tried to sue, but the Dutch courts upheld the students' freedom of speech and research. The real problem was the flaw inherent in the system itself, not the announcement of the flaw. The Chinese had been cloning the cards on the black market for up to a year before the Dutch researcher even found it.

Disclaimer: The information I gave above about the situation in the Netherlands is rehashed from a presentation that a Dutch reporter (forgot his name), who was deeply involved in the event, gave at DefCon 16. No, I will not cite my source. This is a blog.
