| HP had a security hole in their Tru64 UNIX. The fact was
| apparently made public last year. Someone recently published
| the info, along with sample C code that exploits the hole. HP
| threatened them with DMCA prosecution and with a lawsuit.
|
| http://news.com.com/2100-1023-947325.html?tag=fd_lede

Yeah; there's been a bit of discussion of this topic on slashdot:

http://slashdot.org/article.pl?sid=02/07/31/0030239&mode=thread&tid=153

Included are a number of interesting replies by Bruce Perens.

So far, the whole story seems pretty damning. It seems that HP was informed of the problem (a rootkit exploit in Tru64 Unix) about a year ago, and pretty much ignored the problem although there was working code. A few months ago, when the SnoSoft people who found it tried getting a bit more action, HP's response was to ask them how much money it would take to keep them quiet. SnoSoft responded to this bribery attempt by describing the problem on a security mailing list. Next, HP threatened to prosecute them under the DMCA. SnoSoft informed them that the person responsible for outing HP wasn't an American citizen and didn't live in the US, so there was little chance of an arrest. When HP stood by their threat, SnoSoft published the code of the exploit.

HP may have just lost a whole lot of credibility in tech circles with this one. Anyone concerned with computer security now has to assume that there are probably more serious security problems with HP systems, since HP's policy is to suppress information about problems rather than fix them. It's been about a year since they were notified of this one, after all.

The slashdot discussion has pointers to the C source for the exploit.