Calling it "revenge hacking" is a pretty major misrepresentation. The proposed legislation basically makes a company exempt from hacking laws if they are doing it to protect their data from someone else who has broken those laws, or assist in forensics.
This is pretty important and could have a big positive impact on the field of infosec. Without legislation like this, if your organization had a data breach, and you had a way to get that data out of the hands of the intruder, you wouldn't be legally able to act upon it, as you'd be illegally accessing someone's system yourself.
This basically says "if you had a data breach, you can try to identify the intruder or neutralize the data".
Thanks for pointing out that link :)
I completely agree that, if approved, this law will benefit the infosec world, and they really need it to combat the bad guys ;)
In my opinion, if back-hacking were legal, that would be great fun. Mostly because every time I see some hacker group take credit for some lame, uninteresting attack (You brought down PlayStation Network? Oh no...that means I won't be able to play Monster Hunter World for an entire hour while Sony makes the problem disappear?!?), I've always secretly wished that a dump of that hacker group's API keys would suddenly end up on GitHub or that same Twitter profile would be tweeting ridiculous things like "All of us here at would just like everyone to know that we have heard your feedback and no, we are not going to stop posting to our blog series 'Guess Where I'm Wearing the Peanut Butter'. While we understand that those who have never felt PB between their butt cheeks would find this strange, don't knock it until you've tried it."
Oh and, um... black-hat stuff is bad and such... ahem