Slashdot Mirror


HP Uses DMCA To Quash Vulnerability Publication

Several readers wrote to note that HP has evidently threatened to use the DMCA and computer crime laws against SnoSoft, who found a security flaw in Tru64. The quote from the HP VP is that the accused "could be fined up to $500,000 and imprisoned for up to five years."

14 of 603 comments

  1. DMCA Bad by Anonymous Coward · · Score: 1, Informative

    HP bad, DMCA bad

    MPAA and RIAA have caused more destruction of American freedom than anyone else in the past decade.

  2. bugtraq email by Anonymous Coward · · Score: 4, Informative
    Contents of the bugtraq email. Doing anon, fearful of prison buggery:


    got fed up of corporate bullshit
    here is the warez, nothing special, but it does the job :)
    note, this is just one of many many exploitable bofs in tru64 5.x
    http://deepmagic.securify.org.uk:8080/su.c
    phased
    phased@mail

  3. Tell HP's CEO what you think! by Arcturax · · Score: 5, Informative

    Email their president and CEO from this page!

    Tell her in NICE non flaming tones why you feel what they are doing is wrong. Explain that this kind of action makes you unwilling to buy any more products from them.

    --

    --Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
  4. In case anyone wants it... by User+956 · · Score: 2, Informative
    --
    The theory of relativity doesn't work right in Arkansas.
  5. Re:Bruce Perens by Bruce+Perens · · Score: 5, Informative
    I don't know, but I am not happy to hear this at all. And if it's true, I'll take them to task for it. This is the first I've heard of the whole thing.

    Bruce

  6. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 4, Informative
    I just heard of this for the first time, so give me some time to speak with the people involved.

    Bruce

  7. Re:Bruce Perens by Bruce+Perens · · Score: 5, Informative
    By the way, my phone is 510-526-1165, if you feel the need to talk about this. I leave that line off the hook when I don't want calls, but it's available most of the day.

    Bruce

  8. Honorable Bruce Perens by jsse · · Score: 4, Informative

    Just in case few of us here don't know about him. You can find his homepage here, and in his Bio you can find:

    " Hewlett-Packard Corporation - 2000 to Present

    Senior strategist, Linux and Open Source. I am the first Open Source evangelist to gain a role in top management of a multi-Billion-dollar corporation. On the org chart there are only three people between me and the CEO - a general manager, a vice president, and a president. Among my assignments is to challenge HP management."

    So he's in position to speak up in this case.

    Note: I don't know if it's redundant but I'm sure some people would like to know. I don't ask for any mod point.

  9. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 3, Informative
    Well, my job is keeping the company from doing stuff that makes its customers want to "vote with their wallet" as you do, or fixing the problem when that goes wrong. Give me some chance to do it.

    Bruce

  10. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 3, Informative
    One has to balance law and personal integrity. If things went down the way they were reported - and that's a big if - I would not really be able to stand by this, and would probably air some criticism of HP management. When I was hired, I did negotiate how and when I could criticize the company, and this falls within those parameters. Would I quit? Some people think I should stay around and try to teach them the right thing to do. Not that this would be easier than quitting. But HP isn't going away just because I slam the door on them.

    Bruce

  11. Answer of Mr. Ferson by trizzer · · Score: 2, Informative

    Well at least u get an answer if u write to him (could be an automatic reply tho cause his mailbox has been spammed by the /. crowd ;)

    --- schnipp ---

    Dirk,

    Appreciate your note and concern. Let me just start by saying, "don't
    believe everything you read in the press :-)". I can assure you that my
    primary interest and concern is for the Tru64 customers and that the
    Tru64 engineering team is committed to finding and fixing any security
    problem in the product and getting these fixes/notifications out to
    customers ASAP. Trying to do everything possible for Tru64
    customers is what motivates and brings me to work every day
    (and night :-). We also encourage our customers and 3rd parties
    that find security issues in the product to coordinate through the
    CERT process, which has been set up to support both product
    vendors and customers. Again, I appreciate your concern and
    feedback.

    Kent ...

    -----Original Message-----
    From: Dirk Lenneffer [mailto:*********.com]
    Sent: Tuesday, July 30, 2002 11:42 PM
    To: Ferson, Kent
    Subject: TRUE64 exploit

    dear mr. ferson,

    instead of threatening the people who do YOUR work of finding bugs in
    your product you should simply thank them, fix the bug and move along.
    this last act of yours doesn't give us as customers great confidence in
    your way of handling security related issues within your products.

    best regards

    --- schnapp ---

    --
    ___________ LOAD"$",8,1
  12. Well, maybe not the ACLU... by El+Camino+SS · · Score: 3, Informative

    The EFF I respect. I understand their issues, and the fact that we are totally under assault by corporations who want to chop up the digital world and sell it to us at as much as we can possibly afford to pay. Digital "Coal Towns" (look it up if you want to see some of America's greatest corporate crimes against humanity in the past).

    As a member of the media, and a person that touches base with the ACLU every few weeks, I'll say that the ACLU is no longer interested in civil liberties, but more interested in legislating this society to a direction that they would prefer us to act. Trying to modify behavior through legislation is very different than protecting the right for us to act the way WE WANT TO ACT.

    As of late, they seem to be only interested in anyone else but a person interested in computers. After talking with me several times face to face, the local rep of the ACLU has pretty much explained about their crusade against private Christian schools (please note the stressing of private) and their deemed "objectionable behavior" by those schools, and active interest in what goes on inside those schools. Those activities are rather curious for an organization like the ACLU, are they not?

    After talking to them about these subjects, I would never, EVER give them another dollar. They appear to represent the civil liberties of only SOME AMERICANS. OF COURSE, before I get slapped back, I would like to repeat this... imho, IMHO, IMHO!

    So as a member in good standing of the /. crowd, I'd like to say lets stick to what we are specifically interested with on this board... and not give money to people who would love to "engineer through legislation" a power struggle at the expense of some Americans over other Americans.

    This is a call to not listen to the ACLU. For computer issues, please stick your money to the EFF. The ACLU has gotten batty in its old age, and is trying to change the way we think, which the last time I checked, is a CIVIL LIBERTY.

  13. Threat letter by Anonymous Coward · · Score: 1, Informative

    July 29, 2002

    By Electronic and Certified Mail

    Adriel T. Desautels
    Secure Network Operations, Inc.
    D/B/A SnoSoft
    5 Oak Ridge Drive, Apt. # 2
    Maynard, MA 01754

    Re: Tru64 UNIX Buffer Overflow Exploit

    Dear Mr. Desautels:

    It has been brought to my attention that, on July 18, 2002, a buffer overflow exploit of Tru64 UNIX was posted on securityfocus.com under the alias phased@webtribe.net (a/k/a "phased", "phased@mail.ru" and "James Green"). Based on information provided by Gil Novak to HP concerning aliases utilized by SnoSoft, we understand that this action was taken by an agent of SnoSoft despite SnoSoft's representations that it intended to comply with the industry standard practice of reporting its findings to CERT and despite the ongoing discussions between Gil Novak and Rich Boren on this issue.

    Please be advised that the posting of the buffer overflow exploit has exposed SnoSoft and its members to potential federal criminal liability under both the Digital Millennium Copyright Act ("DMCA") and the Computer Fraud and Abuse Act. Under the DMCA, SnoSoft and its members could be fined up to $500,000 and imprisoned for up to five years for "offering to the public . . . any technology . . . that is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner." See 17 U.S.C. 1201(b). In addition, under the Computer Fraud and Abuse Act, if anyone uses the buffer overflow exploit posted by SnoSoft on securityfocus.com to cause damage to a Tru64 UNIX system, SnoSoft and its members could be subject to significant criminal sanctions, including up to ten years in prison. See 18 U.S.C. 1030(c)(3) & (4). Finally, SnoSoft and its members may face additional penalties under various criminal statutes of the Commonwealth of Massachusetts including, but not limited to, criminal extortion (M.G.L. c. 265 25).

    HP hereby requests that you cooperate with us to remove the buffer overflow exploit from securityfocus.com and to take all steps necessary to prevent the further dissemination by SnoSoft and its agents of this and similar exploits of Tru64 UNIX. If SnoSoft and its members fail to cooperate with HP, then this will be considered further evidence of SnoSoft's bad faith. Finally, HP also reserves its right to seek whatever legal recourse it has against SnoSoft and its members for monies and damages caused by the posting and any use of the buffer overflow exploit.

    Regards,

    Kent Ferson

    cc: Gil Novak
    bcc: David Cardos
    Rich Boren

  14. Re:Did the hackers give HP fair notice? by snosoft · · Score: 2, Informative

    "http://www.netsys.com/cgi-bin/display_news_article.cgi?338"