@WPalant Did the court's judges also study CS? I feel like they didnt, you can easily find out that password by disassembling the binary when its hardcoded or sniffing on network traffic locally.
Top-level
@WPalant Did the court's judges also study CS? I feel like they didnt, you can easily find out that password by disassembling the binary when its hardcoded or sniffing on network traffic locally. 1 comment
|
@luna I don’t think it mattered here how exactly the password was determined – the ruling is based solely on the fact that a password exists, completely ignoring how easily it could be found. Even if the vendor failed to use TLS for that MySQL connection and is sending everything in plain text, looking around in that database to determine that it isn’t only your data would still be considered a law violation.
I hope that a higher court instance will produce a more sensible definition of “protection.”
@luna I don’t think it mattered here how exactly the password was determined – the ruling is based solely on the fact that a password exists, completely ignoring how easily it could be found. Even if the vendor failed to use TLS for that MySQL connection and is sending everything in plain text, looking around in that database to determine that it isn’t only your data would still be considered a law violation.