Slashdot Mirror

← Back to Stories (view on slashdot.org)

HP Uses DMCA To Quash Vulnerability Publication

Posted by Hemos on from the beat-'em-down-with-a-stick dept.

Several readers wrote to note the fact that HP has evidently threatened to use the DMCA and computer crime laws against SnoSoft who have found a security flaw in Tru64. The quote from the HP VP is that the accused "could be fined up to $500,000 and imprisoned for up to five years."

12 of 603 comments (clear)

  1. bugtraq email by Anonymous Coward · · Score: 4, Informative
    Contents of the bugtraq email. Doing anon, fearful of prison buggery:


    got fed up of corporate bullshit
    here is the warez, nothing special, but it does the job :)
    note, this is just one of many many exploitable bofs in tru64 5.x
    http://deepmagic.securify.org.uk:8080/su.c
    phased
    phased@mail

  2. Tell HP's CEO what you think! by Arcturax · · Score: 5, Informative

    Email their president and CEO from this page!

    Tell her in NICE non flaming tones why you feel what they are doing is wrong. Explain that this kind of action makes you unwilling to buy any more products from them.

    --

    --Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
  3. In case anyone wants it... by User+956 · · Score: 2, Informative

    You can download the source code here.

    --
    The theory of relativity doesn't work right in Arkansas.
  4. Re:Bruce Perens by Bruce+Perens · · Score: 5, Informative
    I don't know, but I am not happy to hear this at all. And if it's true, I'll take them to task for it. This is the first I've heard of the whole thing.

    Bruce

    --
    Bruce Perens.
  5. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 4, Informative
    I just heard of this for the first time, so give me some time to speak with the people involved.

    Bruce

    --
    Bruce Perens.
  6. Re:Bruce Perens by Bruce+Perens · · Score: 5, Informative
    By the way, my phone is 510-526-1165, if you feel the need to talk about this. I leave that line off the hook when I don't want calls, but it's available most of the day.

    Bruce

    --
    Bruce Perens.
  7. Honorable Bruce Perens by jsse · · Score: 4, Informative

    Just in case few of us here don't know about him. You can find his homepage here
    , and in his Bio you can find:

    " Hewlett-Packard Corporation - 2000 to Present

    Senior strategist, Linux and Open Source. I am the first Open Source evangelist to gain a role in top management of a multi-Billion-dollar corporation. On the org chart there are only three people between me and the CEO - a general manager, a vice president, and a president. Among my assignments is to challenge HP management."

    So he's in position to speak up in this case.

    Note: I don't know if it's redundent but I'm sure some people would like to know. I don't ask for any mod point.

  8. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 3, Informative
    Well, my job is keeping the company from doing stuff that makes its customers want to "vote with their wallet" as you do, or fixing the problem when that goes wrong. Give me some chance to do it.

    Bruce

    --
    Bruce Perens.
  9. Re:Bruce, it's time for you to make a decision by Bruce+Perens · · Score: 3, Informative
    One has to balance law and personal integrity. If things went down the way they were reported - and that's a big if - I would not really be able to stand by this, and would probably air some criticism of HP management. When I was hired, I did negotiate how and when I could criticize the company, and this falls within those parameters. Would I quit? Some people think I should stay around and try to teach them the right thing to do. Not that this would be easier than quitting. But HP isn't going away just because I slam the door on them.

    Bruce

    --
    Bruce Perens.
  10. Answer of Mr. Ferson by trizzer · · Score: 2, Informative

    Well at least u get an anser if u write to him (could be an automatic reply tho cause his mailbox has been spammed by the /. crows ;)

    --- schnipp ---

    Dirk,

    Appreciate your note and concern. Let me just start by saying, "don't
    believe everything you read in the press :-)". I can assure you that my
    primary interest and concern is for the Tru64 customers and that the
    Tru64 engineering team is committed to finding and fixing any security
    problem in the product and getting these fixes/notifications out to
    customers ASAP. Trying to do everything possible for Tru64
    customers is what motivates and brings me to work every day
    (and night :-). We also encourage our customers and 3rd parties
    that find security issues in the product to coordinate through the
    CERT process, which has been set up to support both product
    vendors and customers. Again, I appreciate your concern and
    feedback.

    Kent ...

    -----Original Message-----
    From: Dirk Lenneffer [mailto:*********.com]
    Sent: Tuesday, July 30, 2002 11:42 PM
    To: Ferson, Kent
    Subject: TRUE64 exploit

    dear mr. ferson,

    instead of threatening the people who do YOUR work of finding bugs in
    your product you should simply thank them, fix the bug and move along.
    this last act of yours doesnt give us as customers great confidence in
    your way of handling security related issues within your products.

    best regards

    --- schnapp ---

    --
    ___________ LOAD"$",8,1
  11. Well, maybe not the ACLU... by El+Camino+SS · · Score: 3, Informative

    The EFF I respect. I understand their issues, and the fact that we are totally under assault by corporations who want to chop up the digital world and sell it to us at as much as we can possibly afford to pay. Digital "Coal Towns" (look it up if you want to see some of America's greatest corporate crimes against humanity in the past).

    As a member of the media, and a person that touches base with the ACLU every few weeks, I'll say that the ACLU is no longer interested in civil liberties, but more interested in legislating this society to a direction that they would prefer us to act. Trying to modify behavior through legislation is very different than protecting the right for us to act the way WE WANT TO ACT.

    As of late, they seem to be only interested in anyone else but a person interested in computers. After talking with me several times face to face, the local rep of the ACLU has pretty much explained about their crusade against private Christian schools (please not the stressing of private) and their deemed "objectionable behavior" by those schools, and active interest in what goes on inside those schools. Those activities are rather curious for an organization like the ACLU, are they not?

    After talkig to them about these subjects, I would never, EVER give them another dollar. They appear to represent the civil liberties of only SOME AMERICANS. OF COURSE, before I get slapped back, I would like to repeat this... imho, IMHO, IMHO!

    So as a member in good standing of the /. crowd, I'd like to say lets stick to what we are specifically interested with on this board... and not give money to people who would love to "engineer through legislation" a power struggle at the expense of some Americans over other Americans.

    This is a call to not listen to the ACLU. For computer issues, please stick your money to the EFF. The ACLU has gotten batty in its old age, and is trying to change the way we think, which the last time I checked, is a CIVIL LIBERTY.

  12. Re:Did the hackers give HP fair notice? by snosoft · · Score: 2, Informative

    "http://www.netsys.com/cgi-bin/display_news_articl e.cgi?338"