Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The problem is with the e-mailing part. A mom&pop is unlikely to track you down if you lock out their DB, but they'll likely report you to police if you contact them about it.


Is an email from an anonymous address easier to trace than remote database commands?


Yes. You need good logging on the vulnerable DB to trace the command - and if your DB is vulnerable it's a good bet you forgot the logging too.

Emails have a bunch of info in the headers, so there is more meta-data in the email it self.

Neither is perfect for finding the culprit but one scenario has zero meta-data and the other has some.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: