Reply to post: Re: The law is fine and doesn't need changing

Yes, Prime Minister, rewrite the Computer Misuse Act: Brit infosec outfits urge reform

Hans Neeson-Bumpsadese Silver badge

Re: The law is fine and doesn't need changing

If a "security person" wants to "test" the vulnerabilities of someone's computer, then they should ask permission from the owner of the computer before conducting such testing. Otherwise anyone could claim after being caught that he was a "white hat" merely "testing security".

Agreed. All the times I've been involved with security testing, there's been paperwork agreed between the client and the testers with words to the effect of "you're going to do something naughty, but it's OK because we've asked you to (so that we know how to detect/stop other people from being naughty)" and that makes common sense. Therefore there is no "unauthorised" activity.

I've always been a bit mystified as to why people who, without any solicitation, try to break into networks and snoop around are in some way considered to be heroic in their actions because they are highlighting weaknesses in someone's security. Outside of cyberspace, it's the equivalent of going down the street trying to pick doorlocks to get into peoples' houses, just so you can tell someone that they need to replace their aging Yale....something which feels both wrong and creepy in equal measure.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020