Jeff Moden (7/28/2014)
From the article:
However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.
I DO, however, totally disagree with the manner in which David Helkowski did his proof. There's no way in hell that I'd prove a security violation by violating someone's privacy by posting their hacked SSN on something like Reddit. A private email to that person should have sufficed. If no action was taken to fix the security problem, then there are proper channels to certain agencies to correctly and properly report such a problem.
So, with mixed emotion, I applaud David Helkowski for all of his actions EXCEPT for posting private information on a very public website. I say "mixed emotion" because, on the other hand, he's getting what he deserved for being too freakin' lazy to do things the right way.
Jeff, I agree with you and Steve both. Steve focused his comments on the manner Helkowski chose, specifically tp "prove there is a flaw" in an illegal manner. You seem to be saying that he should have acted, but in a different manner. My other post was an attempt to say the same thing as you are. I deleted the part I was going to post that in some way supported Helkowski's views, and am glad I did because you said it much better.
Dave