Ask HN: Did you test for the heartbleed vulnerability without permission?
Checking services for vulnerabilities without permission is quite likely illegal in many countries (UK in particular). Did you knowingly break the law yesterday testing for it?
Do you think it should be legal to do vulnerability checks like this?
2 comments
[ 3.5 ms ] story [ 15.6 ms ] threadCompared to just checking it with a script that takes several seconds to run, this was pretty ridiculous.
I rely on the good grace of my employers and my banks not to press charges for this. Of course I commit many other felonies regularly also.[1]
Yes, I think it should be legal to do this sort of vulnerability test, but I doubt that the legislature (or even myself, if I were made dictator) has the ability to write a law that criminalizes "bad" exploit abuse while allowing "good" exploit abuse.
[1] - http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.asp...