Kevin Finisterre admits that he likes to hew close to the ethical line separating the "white hat" hackers from the bad guys, but little did he know that his company's actions would draw threats of a lawsuit from Hewlett-Packard.
This summer, the consultant with security firm Secure Network Operations had let HP know of nearly 20 holes in its Tru64 operating system. But in late July, when HP was finishing work to patch the flaws, another employee of Finisterre's company publicly disclosed one of the vulnerabilities and showed how to exploit it--prompting the technology giant to threaten litigation under the Digital Millennium Copyright Act.
The issue pits two extremes against one another. At one end are the corporate-security experts who wear their metaphorical white hats because they adhere strictly to regulations and tend to believe that software vulnerabilities should be disclosed only to the software maker or a trusted third party. At the other are the black hats who are generally interested only in gaining access and breaking security.
"As more laws come out, you are going to have to make a decision on which side of the fine line you want to be--black hat or white hat,"
In recent months, hackers of all backgrounds have been forced to rethink their practices while facing a roundhouse combination of the DMCA, heightened law enforcement activity and deeper scrutiny by employers.