Skip to main content

Charges Dropped Against Pentesters Paid To Break Into Iowa Courthouse

Prosecutors have dropped criminal charges against two security professionals who were arrested and jailed last September for breaking into an Iowa courthouse as part of a contract with Iowa's judicial arm. From a report: The dismissal, which was announced on Thursday, is a victory not only for Coalfire Labs, the security firm that employed the two penetration testers, but the security industry as a whole and the countless organizations that rely on it. Although employees Gary DeMercurio and Justin Wynn had written authorization to test the physical security of the Dallas County Courthouse in Iowa, the men spent more than 12 hours in jail on felony third-degree burglary charges. The charges were later lowered to misdemeanor trespass. The case cast a menacing cloud over an age-old practice that's crucial to securing buildings and the computers and networks inside of them. Penetration testers are hired to hack or break into sensitive systems or premises and then disclose the vulnerabilities and techniques that made the breaches possible. Owners and operators then use the information to improve security. "I'm very glad to hear this," said a professional pentester when I told him the charges were dropped (he prefers to use only his handle: Tink). "Clients and security firms have an obligation to protect their pentesters and consultants. Pentesters are not criminals. Pentesters help organizations protect against criminals."


from Slashdot: News for nerds, stuff that matters https://ift.tt/2Og3s9I
via IFTTT

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

An AI Epidemiologist Sent the First Warnings of the Wuhan Virus

An anonymous reader shares a report: On January 9, the World Health Organization notified the public of a flu-like outbreak in China: a cluster of pneumonia cases had been reported in Wuhan, possibly from vendors' exposure to live animals at the Huanan Seafood Market. The US Centers for Disease Control and Prevention had gotten the word out a few days earlier, on January 6. But a Canadian health monitoring platform had beaten them both to the punch, sending word of the outbreak to its customers on December 31 . BlueDot uses an AI-driven algorithm that scours foreign-language news reports, animal and plant disease networks, and official proclamations to give its clients advance warning to avoid danger zones like Wuhan. Speed matters during an outbreak, and tight-lipped Chinese officials do not have a good track record of sharing information about diseases, air pollution, or natural disasters. But public health officials at WHO and the CDC have to rely on these very same health of...
Post a Comment
Read more

4 Trends that are Transforming the Future of Healthcare

4 Trends that are Transforming the Future of Healthcare Yoav Vilner / AI , Health , ReadWrite From drinking one’s own urine as a cure for broken bones to blood-letting to sending electrical shocks through a person’s body as a cure for mental illness — healthcare has a somewhat jaded past. Fortunately, as technology has improved our ability to study human physiology, medical professionals have become increasingly adept at diagnosing and curing […] from ReadWrite - The Blog of Things https://ift.tt/37qWAxu via IFTTT
Post a Comment
Read more

New Web Service Can Notify Companies When Their Employees Get Phished

Starting today, companies across the world have a new free web service at their disposal that will automatically send out email notifications if one of their employees gets phished . From a report: The service is named " I Got Phished " and is managed by Abuse.ch, a non-profit organization known for its malware and cyber-crime tracking operations. Just like all other Abuse.ch services, I Got Phished will be free to use. Any company can sign-up via the I Got Phished website. Signing up only takes a few seconds. Subscribing for email notifications is done on a domain name basis, and companies don't have to expose a list of their employee email addresses to a third-party service. Once a company's security staff has subscribed to the service, I Got Phished will check its internal database for email addresses for the company's email domain. This database contains logs from phishing operations, with emails for phished victims. from Slashdot: News for nerds, stuff tha...
Post a Comment
Read more