• Jeff Moden (7/28/2014)


    From the article:


    However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.

    I totally disagree as written above, especially when it comes to private information such as Social Security Numbers. It MUST be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.

    I DO, however, totally disagree with the manner in which David Helkowski did his proof. There's no way in hell that I'd prove a security violation by violating someone's privacy by posting their hacked SSN on something like Reddit. A private email to that person should have sufficed. If no action was taken to fix the security problem, then there are proper channels to certain agencies to correctly and properly report such a problem.

    So, with mixed emotion, I applaud David Helkowski for all of his actions EXCEPT for posting private information on a very public website. I say "mixed emotion" because, on the other hand, he's getting what he deserved for being too freakin' lazy to do things the right way.

    Agree. His simplest mistake was his biggest, in my opinion. When he raised the issue internally he did not ensure that the person he informed took responsibility for informing the client, nor did he take on that responsibility himself. Had that one thing been clear then it would never have escalated for him.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!