[Owasp-rochester-announce] Question: Is this extortion or security consulting?
dsteven8 at rochester.rr.com
Sun Oct 4 14:29:37 EDT 2009
I saw this in LinkedIn in the Question and Answer section. People are
calling this payment extortion. Is that a correct view, or is the hacker
protecting consumers from poor security provided by corporations? Unstated
in this description is whether consumer identity information, such as credit
card numbers and/or social security numbers, was at risk of disclosure.
Also unstated is whether company assets, or revenue, were at risk due to the
security flaw. Were the security risks easily preventable, such as security
risks caused by SQL Injection attacks?
How to recognize on the financial statements a payment to a hacker that
stops him from posting a security flaw on the internet?
A payment of 100,000 was made to keep the flaw of the program from being
public. How would this payment be recognized on the financial statements?