Don't fix that security hole - sue the finder instead (fwd)

Keller, Tim Tim.Keller at stratus.com
Wed Jul 31 13:52:53 EDT 2002 

<warning>I'm a privacy/civil/constitutional rights monger</warning>
Sometimes it sucks to be right.  When I read the DMCA the first time, I said
"Are they really going to pass this vague piece of crap?" and they did.  Now
we get to see the fruits of big businesses labor.

It's utterly irresponsible for HP to stifle the dissemination of
information.  What they should do, is go get the exploit code and create a
patch and notify all its customers that are running that version of Tru64.

This along with what happened with Bruce Perens shows where this country is
going.

I wonder how long it'll be until writing a piece of email that's critical of
a company's behavior or policies is against the law.

"When the wells dry, we know the worth of water" - Ben Franklin.

Tim.


-----Original Message-----
From: John Chambers [mailto:jc at trillian.mit.edu]
Sent: Wednesday, July 31, 2002 11:13 AM
To: BLU Boston Linux Unix group
Subject: Re: Don't fix that security hole - sue the finder instead (fwd)


What would be interesting would be to learn  how  many  HP/Compaq/DEC
developers have been told about this in the past year.  Was it buried
by management?  Did someone develop a fix that wasn't distributed?

I can't imagine the techies in Nashua or Cambridge ignoring this.  So
they  must  not have known about it.  Any way we can get more info on
who knew what when?

Jerry Feldman writes:
| I found that interesting. My coworker is playing around with that exploiut
| now. Looking at it, it may be exploiting a hole in the chip's palcode,
| which can be easily fixed with a firmware upgrade. In any case, it should
| be fixable. More specifically, system calls are performed via a trap
| through the palcode.
| On 31 Jul 2002 at 9:33, David Kramer wrote:
| >   HP had a security hole in their Tru64 UNIX.  The fact was
| > apparently made public last year.  Someone recently published
| > the info, along with sample C code that exploits the hole.  HP
| > threatened them with DMCA prosecution and with a lawsuit.
| >
| > http://news.com.com/2100-1023-947325.html?tag=fd_lede
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss

More information about the Discuss mailing list