[Infowarrior] - Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat

[Richard Forno]

(Some idiocy never changes.  -- rick)

Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat

from the you're-not-helping dept

For years now, we've noted that some companies apparently think it's a good idea to punish security researchers that expose vulnerabilities in their products, even when the researchers use the proper channels to report their findings. This kind of absurdity runs hand-in-hand with international attempts to criminalize security research -- or the tools researchers use -- to do their jobs. Obviously, this kind of behavior has one tangible end result: it makes all of us less secure. 

The latest chapter in this saga of myopic bumbling comes courtesy of PwC, which for whatever reason decided that the best response to a major security flaw found in one of the company's products was to to fire off a cease and desist letter aimed at the researchers. More specifically, Munich-based ESNC published a security advisory earlier this month documenting how a remotely exploitable bug in a PwC security tool could allow an attacker to gain unauthorized access to an impacted SAP system. 

The advisory was quick to point out that the vulnerability could allow a hacker to manipulate accounting documents and financial results and commit fraud, if they were so inclined .... 

< - >

https://www.techdirt.com/articles/20161213/07484536261/researchers-find-vulnerability-that-enables-accounting-fraud-pwc-decides-best-response-is-legal-threat.shtml

--
It's better to burn out than fade away.