Checking services for vulnerabilities without permission is quite likely illegal in many countries (UK in particular). Did you knowingly break the law yesterday testing for it?<p>Do you think it should be legal to do vulnerability checks like this?
Instead of just testing one supplier, I tried to ask them about their own assessment. It was a very frustrating experience and took 30 mins of faffing around, and the only answer I got was they hadn't heard about it and were going to look into it (they were a large company btw, other departments of which had issued statements).<p>Compared to just checking it with a script that takes several seconds to run, this was pretty ridiculous.
Yes, yes I did knowingly break the law in doing that test.<p>I rely on the good grace of my employers and my banks not to press charges for this. Of course I commit many other felonies regularly also.[1]<p>Yes, I think it should be legal to do this sort of vulnerability test, but I doubt that the legislature (or even myself, if I were made dictator) has the ability to write a law that criminalizes "bad" exploit abuse while allowing "good" exploit abuse.<p>[1] - http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.aspx