White hat hacking refers to someone who wants to find vulnerabilities in a particular organisation’s infrastructure to save them from being exploited by real bad guys. Companies usually contract these people to do such work, which is why a 16-year old Victorian schoolboy hacking his way around Public Transport Victoria is now in hot water, despite his best intentions.
The Age reports that the boy found a simple vulnerability in PTV which allowed him to gain access to the main user database. That database includes full names, addresses, contact information and extracts of credit card info. Christ.
The kid contacted PTV to alert them of the problem, but got no response. The organisation has now referred the matter to the police. There’s the possibility that he’ll be charged for his alleged crimes.
The moral of this story? Probably a good idea to ask before you go poking around in someone’s back end. Ahem. [The Age]