A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
Taiwanese can file complaints with the Tourism Administration to report travel agencies if their activities caused termination of a person’s citizenship, Mainland Affairs Council Minister Chiu Chui-cheng (邱垂正) said yesterday, after a podcaster highlighted a case in which a person’s citizenship was canceled for receiving a single-use Chinese passport to enter Russia. The council is aware of incidents in which people who signed up through Chinese travel agencies for tours of Russia were told they could obtain Russian visas and fast-track border clearance, Chiu told reporters on the sidelines of an event in Taipei. However, the travel agencies actually applied
Japanese footwear brand Onitsuka Tiger today issued a public apology and said it has suspended an employee amid allegations that the staff member discriminated against a Vietnamese customer at its Taipei 101 store. Posting on the social media platform Threads yesterday, a user said that an employee at the store said that “those shoes are very expensive” when her friend, who is a migrant worker from Vietnam, asked for assistance. The employee then ignored her until she asked again, to which she replied: "We don't have a size 37." The post had amassed nearly 26,000 likes and 916 comments as of this
New measures aimed at making Taiwan more attractive to foreign professionals came into effect this month, the National Development Council said yesterday. Among the changes, international students at Taiwanese universities would be able to work in Taiwan without a work permit in the two years after they graduate, explainer materials provided by the council said. In addition, foreign nationals who graduated from one of the world’s top 200 universities within the past five years can also apply for a two-year open work permit. Previously, those graduates would have needed to apply for a work permit using point-based criteria or have a Taiwanese company
The Shilin District Prosecutors’ Office yesterday indicted two Taiwanese and issued a wanted notice for Pete Liu (劉作虎), founder of Shenzhen-based smartphone manufacturer OnePlus Technology Co (萬普拉斯科技), for allegedly contravening the Act Governing Relations Between the People of the Taiwan Area and the Mainland Area (臺灣地區與大陸地區人民關係條例) by poaching 70 engineers in Taiwan. Liu allegedly traveled to Taiwan at the end of 2014 and met with a Taiwanese man surnamed Lin (林) to discuss establishing a mobile software research and development (R&D) team in Taiwan, prosecutors said. Without approval from the government, Lin, following Liu’s instructions, recruited more than 70 software
RSS