[kictanet] Revealing Security Holes vrs "The Rogue Tracker" type of stories

wesley kiriinya kiriinya2000 at yahoo.com
Mon Apr 20 09:07:20 EAT 2009


I believe that the ICT bill makes it illegal for someone to reveal security holes in IT systems. However doesn't investigative journalism stories like the recent "The Rogue Tracker" reveal 'security holes'? So what makes that legal? If one was to discover a security hole in a system, then one can do their own investigative journalism then reveal everything about the security hole.
 
I believe the tracking system is an IT system. And it seems a security hole was revealed. It's like saying half of the companies that claim to have installed a particular firewall might not really have the firewall installed.
 
Revealing security holes might be a necessary evil. Just like how some people might have lived with the false security about their cars, some people might be living with false security about their personal info in IT systems. Just the other day someone posted that s/he had bought something which was wrapped by paper containing security authentication credentials from a bank. Another post showed the lack of experience of a local bank's website programmers that allowed anyone to get the password of one of the subjects in their database system. Now all the funky possible stuff is left to the hacker's imagination who might be sitting in the middle of Migingo, sorry, Mijinjo.
 
o_O?


 


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20090419/d65d1548/attachment.htm>


More information about the KICTANet mailing list