
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Kid who found PTV website flaw deserves a medal

Sixteen-year-old Joshua Rogers should be given a medal and a financial reward for having found out that the website of Public Transport Victoria was poorly built, to the extent that it could reveal the personal details of users.

Instead of that, the authorities are trying to give the lad a criminal record. That will certainly encourage young, curious minds, the future of this country, to push the boundaries and find out things which can benefit the public.

What did the kid do? According to reports, he found a weakness in the website of Public Transport Victoria. Did he try to profit from it? No, he contacted as many people in PTV as he could using their email addresses which he obtained from LinkedIn and told them about it. It was only on January 6, after Rogers had spoken to a reporter and that reporter contacted PTV for their take on the matter, that someone responded to his email.

And then PTV upped the ante by reporting the matter to the police. Way to go, PTV.

By the way, this is the same PTV that has given Melbourne its half-arsed myki ticketing system at a cost of well over a billion dollars - when the technology for an off-the-shelf system like London's Oyster or Brisbane's Go card could have been purchased for less than a third of that amount.

It is probably too much to expect such an organisation to react in a logical manner. It is bothered only about one thing - its public image. After all that it has done, the organisation is now little more than a joke.

Year after year, when Australians hear of kids from other countries finding out things that lead to the creation of companies that yield enormous value to the exchequer, they cry themselves hoarse and complain that initiative is never rewarded in this country. They are right to do so.

But when they hear of kids like Rogers, who are undoubtedly brainy in one direction, kids who could be top-notch security experts if they were sent to the right people for training, what do they do? They stay silent.

The bureaucratic mind can conceive of only one response in cases like this: generate enough fear so that the next time some crud company builds a website that has holes big enough to drive a truck through and a curious teen finds out, he or she will keep their mouth shut.

After all, the reputation of said company is more important than data security, isn't it?

Linus Torvalds, the creator of the Linux kernel, was a nerdy teen too. If his parents had ferreted him out so he could indulge in so-called wholesome activities, we would never have had a kernel which today is probably running some device or the other in at least one house out of 10 in practically every country on the face of the earth.

Steve Wozniak planned most of the material that went into building the Apple I during his office hours at HP. Finally, when he was ready to build it in actuality, he told the company what he had been doing and asked if they would like to market it. What was HP's response? Did they try to sue Wozniak for doing his own work on company time? Did they seize all his material and call in the police?

One can call HP foolish for not deciding to take advantage of Wozniak's honesty and fund the creation of what has become the most valuable technology company on the face of the earth. But did they tie him up in legal issues because he had developed something on company time, something he was not supposed to do? Did they fire him? The answer is a big NO.

Teens, by nature, are curious. They experiment with everything - and so they should. If they do not, Australia will end up becoming a nation of morons, who can only act like robots, who look for precedent to justify everything they do.

Australia is well on the way to justifying the label of being anything but the clever country. Dumb would be a better description. Only that can account for the fact that it is American journalists who have taken up cudgels on behalf of Rogers.

The next time a curious kid finds a vulnerability in the website of a big company, what should he or she do? Try to do the right thing as Rogers did? Or make a quick buck by informing one of the hundreds of thousands who make a living by selling data of this kind?

The police, politicians and bureaucrats should seriously consider what kind of message they are sending to the next generation by their actions in the Rogers case. And half-educated consultants who are spreading fear, uncertainty and doubt about Rogers would be well-advised to think before opening their big mouths.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
