Okay, That right there is pathetic https://thehackernews.com/2019/02/... .

First of all telekom was not able to assure their clients' safety so that some Joe would not access them.
Second of all after a friendly warning and pointing a finger to the exact problem telekom booted the guy out.
Thirdly telekom took a defensive position claiming "naah, we're all good, we don't need security. We'll just report any breaches to police hence no data will be leaked not altered" which I can't decide whether is moronic or idiotic.

Come on boys and girls... If some chap offers a friendly hand by pointing where you've made a mistake - fix the mistake, Not the boy. And for fucks sake, say THANK YOU to the good lad. He could use his findings for his own benefit, to destroy your service or even worse -- sell that knowledge on black market where fuck knows what these twisted minds could have done with it. Instead he came to your door saying "Hey folks, I think you could do better here and there. I am your customes and I'd love you to fix those bugzies, 'ciz I'd like to feel my data is safe with you".

How on earth could corporations be that shortsighted... Behaviour like this is an immediate red flag for me, shouting out loud "we are not safe, do not have any business with us unless you want your data to be leaked or secretly altered".

Yeah, I know, computer misuse act, etc. But there are people who do not give a tiny rat's ass about rules and laws and will find a way to do what they do without a trace back to them. Bad boys with bad intentions and black hoodies behind TOR will not be punished. The good guys, on the other hand, will.

Whre's the fucking logic in that...

P.S. It made me think... why wouldn't they want any security vulns reported to them? Why would they prefer to keep it unsafe? Is it intentional? For some special "clients"? Gosh that stinks

  • 1
    “When Magyar Telekom detected an "uninvited" intrusion on their internal network, the company on same day reported the incident to the police, leading to his arrest.”

    Sounds like he got caught and didn’t prove good intentions.
  • 0
    @xalys didn't he report his first batch of vulns to telekom? The ones that didn't even trigger their security alerts? Isn't that 'good intentions'?

    Didn't he continue his investigation for more bugs after he was booted, just to report them later?

    All I see is a concerned citizen, concerned about his ant the whole nation's safety. Maybe the story missed a fact or two that would draw him as a bad guy. Maybe. Maybe not. But current version of the story psints him in bright colors
  • 0
    @netikras First time he got a slap on the wrist, this is where he should have stopped. Question is why he didnt stop after first warning? He should know better. I can go to a shop and steal a tv and claim that I found a security hole, but they will still call police.
  • 0
    @zemaitis steal? Who stole what? What data did the chap steal? The article does not mention anything about stealing stuff.

    If I report to the police that national archive's building has a huge crack in the wall which could be exploited to steal data, am I a criminal?
    Suppose they gave me a slap as well. Next time I walk past that same building I see a piece of fence us missing, I lean over to have a look what's happening, whether there's some construction ongoing or should I call police. Am I a criminal now deserving 8 yrs in prison?

    Also do not compare a TV and personal dats nation-wide. They are like apples and trains.
  • 2
    Just let's settle down worldwide that if you've found a security breach, never notify with your public identity.
    It's pointless and dangerous, especially if your country doesn't have any regulation (about security research) in this regard.
  • 1
    @h4xx3r I agree.

    And while you're anonymous.. Feel free to exploit the vuln however you please. Cuz what's the diff? Bcz either you are to exploit or not it doesnt matter - you'll be treated as an enemy anyway. So why not have some fun
Add Comment