BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Don't fix that security hole - sue the finder instead (fwd)

Subject: Don't fix that security hole - sue the finder instead (fwd)
From: Tim.Keller at stratus.com (Keller, Tim)
Date: Wed, 31 Jul 2002 13:52:53 -0400

<warning>I'm a privacy/civil/constitutional rights monger</warning>
Sometimes it sucks to be right.  When I read the DMCA the first time, I said
"Are they really going to pass this vague piece of crap?" and they did.  Now
we get to see the fruits of big businesses labor.

It's utterly irresponsible for HP to stifle the dissemination of
information.  What they should do, is go get the exploit code and create a
patch and notify all its customers that are running that version of Tru64.

This along with what happened with Bruce Perens shows where this country is
going.

I wonder how long it'll be until writing a piece of email that's critical of
a company's behavior or policies is against the law.

"When the wells dry, we know the worth of water" - Ben Franklin.

Tim.


-----Original Message-----
From: John Chambers [mailto:jc at trillian.mit.edu]
Sent: Wednesday, July 31, 2002 11:13 AM
To: BLU Boston Linux Unix group
Subject: Re: Don't fix that security hole - sue the finder instead (fwd)


What would be interesting would be to learn  how  many  HP/Compaq/DEC
developers have been told about this in the past year.  Was it buried
by management?  Did someone develop a fix that wasn't distributed?

I can't imagine the techies in Nashua or Cambridge ignoring this.  So
they  must  not have known about it.  Any way we can get more info on
who knew what when?

Jerry Feldman writes:
| I found that interesting. My coworker is playing around with that exploiut
| now. Looking at it, it may be exploiting a hole in the chip's palcode,
| which can be easily fixed with a firmware upgrade. In any case, it should
| be fixable. More specifically, system calls are performed via a trap
| through the palcode.
| On 31 Jul 2002 at 9:33, David Kramer wrote:
| >   HP had a security hole in their Tru64 UNIX.  The fact was
| > apparently made public last year.  Someone recently published
| > the info, along with sample C code that exploits the hole.  HP
| > threatened them with DMCA prosecution and with a lawsuit.
| >
| > http://news.com.com/2100-1023-947325.html?tag=fd_lede
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss

Prev by Date: Attbi Woes
Next by Date: allowing scp but not ssh (here's how) (WHOOPS)
Previous by thread: Don't fix that security hole - sue the finder instead (fwd)
Next by thread: Attbi Woes
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org