319
IT consultant in Germany fined for exposing shoddy security
(www.theregister.com)
This is a most excellent place for technology news and articles.
I hope it gets reversed in the next instance. The judge had it absolutely wrong. And the consultant did not expose it, but told the company directly that he is able to read the admin password without an effort. They sued for telling them. That's absolutely the worst thing to do.
The people that write laws and the systems that enforce laws are inept to an unbeliavable degree when dealing with anything cyber related so I have less than zero expectations that this gets reversed and actually expect a worse outcome should there be an appeal.
Because somehow only the most incompetent morons appear to be able to make it to judge or law maker.
The problem is that any judge can judge any domain they have zero knowledge about. They're just expected to understand complex systems because they're educated, and only required to know law (often not even that). The way it should be is that judges making decisions about complex domains should require a level of understanding or specialisation in that domain — judges judging cybersecurity should also have a background in some sort of computer science or engineering discipline.
Otherwise we're just allowing "the internet is a series of tubes" people to dictate human progress.