Question:
Security researchers often use conference platforms such as DefCon and RSA to announce newly discovered security tools or bugs/vulnerabilities. Often these conferences are controversial. They invite careful ethical reflection on the potential harms or potential benefits of such disclosures, particularly given the competing interests involved.
Here are two examples of such disclosures and what you are required to do:
A. At DefCon, security researcher Anthony Rose presented the results of his testing of security products in the emerging market of Bluetooth-enabled door locks. He found that of the 16 brands of locks he purchased, 12 had profoundly deficient security, including open transmission of plain-text passwords, the ability to easily change admin passwords and to physically lock out users, and vulnerability to replay attacks and spoofing. Some of the locks could be remotely opened by an attacker a half-mile away.
Rose contacted all the manufacturers of the poorly designed locks, but only one responded to his findings. Another shut down its website, but continued to sell its product on Amazon. Rose had been following the news and noted a stark increase in robberies at locations using the insecure locks. Rose felt that he should do something, but was afraid of being sued. He considered anonymous whistleblowing to the media, making a report to the consumer safety regulator, and even giving his information to one of the few companies that made GOOD Bluetooth locks, so that they could use it in their advertising.
REQUIRED: Assuming Anthony lives and works in the USA, explore / describe his alternatives from both a LEGAL and an ETHICAL perspective. DO NOT use only the alternatives provided - think of other ones as well. Provide 3 strong and professional LEGAL references. 750 words minimum. (15% of this assignment) https://www.engadget.com/2016/08/10/researcher-finds-huge-security-flaws-in-bluetooth-locks/
B. Also at DefCon, two members of Salesforce's "Red Team" (offensive security experts) were scheduled to present (under their Twitter handles rather than their professional names) details of their newly developed security tool Meatpistol. This tool is an automated 'malware implantation' tool designed to aid security red teams in creating malware they can use to attack their own systems. This in turn should allow them to better learn their own systems' vulnerabilities and design more effective countermeasures.
Meatpistol functions more or less as any malware-generation tool does, able not only to generate code to infect systems, but also able to steal data from them. The tool reduces the time needed to create new forms of malware from days to minutes, which is very important since "Red Teams" are extremely busy and expensive for companies to maintain.
The two members of Salesforce's "Red Team" hoped to make Meatpistol's code public after the presentation, with the view that as an open source tool, it would allow the community of security researchers to improve upon it further. However, as with any malware-generating tool, making it open source would also inevitably invite black hat hackers to use it for malicious purposes.
Just prior to the presentation, an executive at Salesforce instructed the "Red Team" members not to release Meatpistol's code. Shortly thereafter, the executive instructed them to entirely cancel the previously approved presentation. Both team members felt that a last-minute cancellation would harm their professional reputations. They also felt that to do so was to deprive the audience of something for which they had paid. After some discussion among themselves, the team members went ahead with the presentation BUT obfuscated all the technical details. They also did not release the code.
As a result, both team members were fired for cause, lost all their shares in the company, lost their pension and benefits and were blacklisted by Salesforce.
REQUIRED:
Assuming the team members work for Salesforce CANADA and live in Toronto, discuss the LEGAL and ETHICAL aspects of this scenario. Provide 3 strong and professional LEGAL references. 900 words minimum. (20% of this assignment) PLEASE CONTINUE READING FOR THE REST OF THE ASSIGNMENT.