Wikipedia:Reference desk/Archives/Computing/2021 September 16

= September 16 =

Edit article title.
I have edited the text of the article St Ann's Riots, correcting each instance of "St Ann's" to "St Anns", but how to I correct the article title? Hayttom (talk) 03:20, 16 September 2021 (UTC)
 * Why have you made that change? as far as I can see "St Ann's" is correct. See, for example, this article. DuncanHill (talk) 03:24, 16 September 2021 (UTC)
 * St Ann's, Nottingham is correct. I have reverted the change. See Moving a page for how to change article titles but base it on published sources and don't do it here. If you really insist on an unsourced spelling going against reliable sources then use Requested moves. PrimeHunter (talk) 03:40, 16 September 2021 (UTC)
 * I stand corrected, and thanks to PrimeHunter (talk), so does the article. I will inform the owner of the external source I was using.  Hayttom (talk) 04:28, 16 September 2021 (UTC)

Looking for old news: someone was fired for identifying a security flaw
Some years ago, probably in the ’90s–’00s, I read about someone who found a security flaw in an online system that the company he worked for was using, and when he pointed it out to his superiors, it didn’t go well. As I recall it, each employee was given a unique link with a numerical identifier in the URL, except this guy discovered that these numbers were sequential—change the 8 to a 9 and you’re looking at someone else’s secure information, employee ID, social security number, stuff like that. This guy had another job in IT security, so he brought the issue to his boss and offered to remedy it. As I recall, they fired him, thinking he was trying to blackmail them rather than fix an obvious problem.

I’m not sure where I read about this and don’t recall any names, and I’m positive I have some of the details wrong. But does this sound familiar to anyone, or can someone track it down? I’d love to know the full story.

Thanks in advance! —96.8.24.95 (talk) 22:15, 16 September 2021 (UTC)


 * I forwarded this question to Peter G. Neumann and he kindly replied (quoted by permission) with the following excerpts from this page. However, while all of them show people suffering from no good deed going unpunished, none of them seem to exactly match the original poster's description of the case.
 * Edward F. Wilson, whistleblowing aerospace SW Quality Assurer fired life threatened (ACM Software Engineering Notes 11 3)
 * Roger Boisjoly fired after reporting O-ring problem that led to loss of the Challenger. (RISKS-5.78, 5.80, and 12.40)
 * Ted Postol harassed after report downgrading Patriot defense shortcomings: Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw, preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only 14-hour continuous performance, not 100.  Patched SW arrived via air 1 day later (S 16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud disaster (S 16 4) Patriot missiles misled by `accidental' decoys; T.A. Postol report (S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2); reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades success to about 10% rather than 80% [4 out of 47 hits] (R 13 37, S 17 2, 17 3); A retrospective analysis (in Italian) by Diego Latella (R 24 41, S 31 6:26)
 * Royal Navy battle software unsafe; whistle-blower fired (RISKS-23.56)
 * And he added:
 * Snowden, for a rather different interpretation of "fired" --> exiled!!!
 * The notation "RISKS-5.78" refers to the Risks Digest, archived here by volume and issue number. I suspect that "R 13 32" has a similar meaning and "S 17 2" refers again to Software Engineering Notes; "AWST" would be ''Aviation Week & Space Technology. --184.144.99.72 (talk) 21:00, 17 September 2021 (UTC)
 * Yeah, none of these are the accidentally-compromised-privacy I was trying to track down. But I appreciate the effort! —96.8.24.95 (talk) 04:15, 19 September 2021 (UTC)