Sponsor's Message

Naturally I'm not going to disclose the nature of the vulnerability but suffice to say that if anyone wanted, I could get my hands on a lot of names and email addresses.

Naturally this raises the issue of NZ's anti-hacking laws and whether, by verifying the vulnerability reported to me by a reader, I've become a "hacker" in the eyes of the law. I'd like your opinions on this.

Now have your say Got something to say about today's column, or want to see what others think?  Visit The Forums While you're here, why not visit the Aardvark Hall of Shame and perhaps make your own nomination. 7

This case however, raises a possibly more important issue: that of whether a site that fails to adequately protect the information given to it by visitors should be held responsible if negligence or incompetence allows that information to be stolen.

And, if such culpability is established, should the blame fall on the operators of the website or on those who were commissioned to design and implement it?

If you're a web-developer, do you have insurance against potential law suits if one of your customers suffers loss or damages as a result of an error on your part?

Could it be time for a certification authority to be implemented?

I'm talking about an organisation that can vet and endorse those sites that accept potentially valuable information from people.

Just as we now have the Verisign and other symbols to denote that a site has an authentic SSL certificate, should we also be demanding that sites which accept our email address or credit card details also carry a "Security Audited" certification to give a greater peace of mind?

Right now many of you are probably asking "who cares if someone steals a few email addresses?"

Well anyone who's had their primary email address added to a spam list will know how much hassle that can be.

When it comes to online security, most users just throw an anti-virus program on their PC and cross their fingers. What's worse is that far too many website developers still fail to get an independent audit of the sites they've built -- and hence we end up with gaping holes that expose information to any evil little hacker with half a brain.

How do you rate Kiwi security standards, both at the user-end and on websites?

Do you usually give a site the quick once-over for obvious holes before submitting potentially valuable information?

Tell us all and see what others have to say in The Aardvark Forums

If you feel that this is a good thing and/or you hold a "geniune affection" for yours truly -- then you are welcome to gift me some money using the buttons provided. In gifting this money you accept that no goods, service or other consideration is offered, provided, accepted or anticipated in return. Just click on the button to gift whatever you can afford. NOTE: PayPal bills in US dollars so don't accidentally gift more than what you were intending :-)

Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats, bouquets or news tip-offs. If you'd like to contact me directly, please this form. If you're happy for me to republish your comments then please be sure and select For Publication.

Other media organisations seeking more information or republication rights are also invited to contact me.

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Linking Policy
Want to link to this site? Check out Aardvark's Linking Policy.

Did you tell someone else about Aardvark today? If not then do it now!