‘Hospital leaks patient records’, ‘Public transport smartcard has more holes than a sieve’, ‘Mobile banking app unsafe’ – it seems that everything can be hacked these days. Fortunately, the person who discovers a flaw is not necessarily a cybercriminal but is often someone who wants to help improve cyber security. He or she immediately contacts the system owner so that the problem can be solved. A well-coordinated approach allows everyone to learn from the exercise we call ‘responsible disclosure’.
The Netherlands is a world leader in responsible disclosure. The Dutch like to resolve conflicts through a process of general consultation: the famous ‘polder model’. This seems a particularly appropriate approach in the realm of IT and cyber security, since there is no central authority with overall responsibility but many diverse players, each responsible for their own tiny part of a vast and complex system.
In this book, we hear from the hackers, system owners, IT specialists, managers, journalists, politicians and lawyers who have been key players in a number of prominent disclosures. Their stories offer a glimpse into the mysterious world of cyber security, revealing how hackers can help us all.
– Send me an e-mail if you would like to purchase more than ten books and get a discount, or if you would like me to give a presentation.
1. Introduction
2. Radboud opens the gates
3. Crypto is not a cultural expression: disclosure is
4. Leaking like a sieve
5. @brenno and the superhits
6. DongIT and the DigiD debacle
7. @okoeroo and the Veere pumps
8. Then we’re all going to get wet
9. @UID_ calls the navy
10. @floorter: a man in the middle
11. @legosteentje earns a white hat
12. @jmschroder calls the Habbo helpdesk
13. Hacker Krol gets too much out of the closet
14. Verdier and the crisis team
15. @bl4sty and the ten million modems
16. The hash of Dismantling Megamos
17. Time for policy
18. The other side of the Groene Hart
19. Bonnie the hacking (supposed) housewife
20. Free books for @iliaselmatani
21. @1sand0s and the ethics committee
22. @rickgeex gets there eventually
23. Beg and the Bug Bounties
24. @0xDUDE, the biggest dude of ’em all
25. Going Global
26. Behind the scenes
I. Thanx!
II. Responsible disclosure: suggested web text
III. RTFM: the glossary