After Australian security researcher Patrick Webster recently alerted his investment fund First State Super of a glaring, blaring security lapse - a lapse so duh-licious, it ranks at #4 on OWASP’s top 10 list of application security risks - he was thanked with a legal threat and notice that he just might be billed for the security fix.
As brought to light by Patrick Gray on Risky.biz, First State Super's law firm on Oct. 14 sent Webster a letter demanding that he turn over his computer.
According to Gray's account, First State Super threatened to recover the costs incurred "in dealing with this matter" from Webster unless he agrees to delete all information he obtained while demonstrating the flaw and promises never to attempt to access other members' information again.
Complete article:
http://nakedsecurity.sophos.com/2011/10/19/researcher-security-flaw-threatened/