With all do respect: but we Europeans ask ourselves sometimes: "what the f$", "get real" and _a lot_ of disbelief...
Printable View
With all do respect: but we Europeans ask ourselves sometimes: "what the f$", "get real" and _a lot_ of disbelief...
Well what the f$ is the real world and the news and it has to do also with the rest of the world? Sept 30 in World Doo Doo day this is a day set aside where you may not have a ton of money to pay pff the people that are elected world wide but you can pay to dump the most fowl smelling farm waste upon the road or steps leading to these people we elect homes or business. In Short Sept 30th is World BS day not expensive I have enough to pay a delevery fee. Don't ask me nor show respect ask yourself I just gave a link DAH!
Oh forgot across the pond a court ruled in favor of a newspaper and deep linking may have a cause and effect for all of your search engines. Thing is next to M$ and other corps and courts one needs a simple people that work for a lving a way to say enough of your BS and well just let the crap and I hope a few tons of it rest to their Corp campus towers, or estates let em wade around it after all me the masses have to huh?
World Crap Day is Born...Sept 30 2002 I'll pay to have the trucks go will you? Cause I don't have a million to run for office, nor pay for an attorney. Am a working man and well crap is not expensive to leave, hell the farmers know this also :)
<rant>
I always thought that the DMCA was a bunch of bull and now this proves it. HP is simply pissed off that somebody found a hole in their stuff so now the DMCA is an excuse to get out of taking the PROPER VENDOR RESPONSIBLITY (fix the hole) and sue the person that found the hole. HP's actions are total bullshit. Even worse, HP's actions now threaten the very FOUNDATION that computer security is based on: full disclosure. If HP wins this case it WILL have profound ramifications for us all. People will be afraid to disclose holes when vendors don't respond. This will just leave open holes. You can bet your ASS that crackers will STILL FIND and EXPLOIT these holes REGARDLESS of whether we have full disclosure or not, not good.
Even WORSE are the ramifications of a win for HP on the many sites within the security community. Bugtraq? Gone. NTBugtraq? Gone. CERT? Gone. SecurityFocus? Gone. Antionline??? WE ARE TOAST!!! :(
I will put it simply: WITHOUT THESE RESOURCES NO ONE IN THE COMPUTER SECURITY INDUSTRY IS GOING TO BE ABLE TO DO THEIR JOB EFFECTIVELY. A win for HP is going to start something that WILL send this entire industry down the trash tube. HP cannot see this because they are too BLIND to this fact while they are trying to cover their own sorry asses. HP, if you read this post, take my words into account before you proceed. You will be better off in the long run.
</rant>
In short Ratman yep, join world Doo Doo day :) LOL uh err well they were going to charge their customer for fixing that one at 500 per hour. Welcome to the world of dot net.
Ratman is right on the money, and it seems the government believes so as well:
Bush Adviser Urges Hackers To Try To Break Software - July 31, 2002
http://www.informationweek.com/story/IWK20020731S0003
http://deepmagic.securify.org.uk:8080/
hummm, its a list of all .gov and .mil boxes that have downloaded the su.c exploit......Maybe they should all be sued also?????
But I guess I can understand it. Back in the mid 90's a group was writing exploit code for HPuX like crazy, then demanded money to take their code of the internet...The amount they demanded was insanly high and they were just BS'ing about it, but I can see why hp would get a little upset. Not that that really matters though..the DMCA can join the RIAA and MPAA in a big pile of red taped bull crap.
Update,
Apparently the release of the exploit was not authorised by SNOSoft...I will post the Bugtrag posting that says this a bit later!!! :)
This URL was posted on Bugtraq by the founder of Secure Network Operations (SNOSoft): http://www.snosoft.com/fr.html
Formal Response to HP DMCA threat:
7/31/02: Secure Network Operations, also known as SNOsoft, has been
researching security vulnerabilities on Hewlett Packard's Tru64 UNIX
operating system for over four months, and has found numerous
vulnerabilities in the software.
Due to the sensitive nature of these discoveries and the known critical
uses of Tru64 in healthcare, military, and other arenas, SNOsoft
attempted on multiple occasions to build a working relationship with HP
so the information could be transferred privately. However, our
well-intentioned efforts were misperceived by HP, as they responded to
SNOsoft with a letter in which they accused us of attempted extortion.
Hewlett Packard then requested that we follow current industry standard
practices for releasing vulnerability information through a trusted
third party, in this case CERT, and to wait forty-five days before
releasing any proof-of-concept exploit code. There was an unauthorized
release by Phased, prior to the end of the waiting period, and HP
promptly responded with another letter. This time they cited possible
violation of the DMCA law, amongst others, and requested that the
exploit code, be quickly removed from SecurityFocus's website.
SNOsoft willingly complied, and the posting was removed.
That letter found its way into the hands of Declan McCullagh, a
journalist for news.com with an interest in the DMCA law, who interviewed
the founders of SNOsoft regarding HP's reference to the DMCA law.
SNOsoft's position in these matters is to continue serving the community
by finding and reporting security vulnerabilities in a broad spectrum
of operating systems, software applications, and other hardware and
software systems. Our mission is to provide certification for vendors and
network administrators that indicate their systems have passed the most
rigorous security testing available.
Sincerely,
Secure Network Operations, Inc.
I do still feel that HP should NOT be using the DMCA as an excuse. SNOSoft tried to contact HP MULTIPLE times and got NO response. The vendor reporting system needs to be impoved gentlemen. HP should have responed on the FIRST notice.
HP backs down on copyright warning
WASHINGTON--Hewlett-Packard has backed away from legal threats it made against security analysts who publicized flaws in the company's software.
http://news.com.com/2100-1023-947745.html
Looks like they thought a bit harder about the situation.
They got a powerful wake up call. Hopefully others will think twice before they try the same tactic nowQuote:
Originally posted here by powertoad5000
HP backs down on copyright warning
WASHINGTON--Hewlett-Packard has backed away from legal threats it made against security analysts who publicized flaws in the company's software.
http://news.com.com/2100-1023-947745.html
Looks like they thought a bit harder about the situation.