[Dataloss] Details on AOL search log disclosure
lyger
lyger at attrition.org
Tue Aug 8 00:21:12 EDT 2006
On Mon, 7 Aug 2006, Joshua Reich wrote:
": " Now that we all have the list -- how ethical are we being by using it, for
": " whatever purposes?
": "
": " Which ethical guidelines apply in this circumstance?
": "
": " (would type more but sliced hand opened a hard drive last night)
": "
": " Josh Reich

Not an easy question to answer, but a good one.

First, AOL did actually remove the original list from their public web
space, which was a wise move. However, they didn't do so until copies
were distributed across the internet. At this point, no legal action will
be able to remove the data from hard drives across the world.

Second, ethics. There will probably be several differing opinions
regarding distribution and use of the list or dataset. Personally, I have
seen raw sets of breached data. Was I happy about it? No. Did it make
me uncomfortable? Yes. Did I seek the opinions of others in the security
industry about viewing said data? Absolutely. The best piece of advice I
received was this: Do no harm. Look, but don't touch. Don't distribute
for commercial gain. Try to understand the data itself, but don't use it
for anything other than self-education.

Side note: make sure any data breach is reported to the appropriate
people, whether company supervisors or law enforcement authorities. If
you know something, they should too.