Foundstone Shoe On Other Foot
Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking.
After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."
From the article, it sounds like Kurtz needs a good kick in the butt.
I once worked with a terrific cracker (he ended up doing time for hacking into NASA owned systems at the University of Florida - in fact, I believe that he is still incarcerated). He really knew his shit, especially when it came to invisibly manipulating Cisco equipment and covering his tracks in Unix/Linux/BSD logs. He was also somewhat of a coder. He was kind of scary in a way. It was funny to see how much the entire operation of the IT department changed once we found out how good he really was, and how much the manager started reviewing technology laws. He was on our side, our white hat, and still everyone was immensely wary of him.
Even though he effortlessly secured three large networks and found glaring problems with our state-wide backbone, he was canned out of fear. He was later found guilty of causing damages to the network after his termination, at the same time he was busted for the NASA fiasco (the FBI had been watching his movements for some time). In hindsight, I can say that our cautious approach towards him was warranted, even though it caused him obvious grief when he was employed with us.
Hell, he will be making twice my salary at McAfee or something when he gets out of prison anyways, why am I feeling bad for him?
It's like "jumbo shrimp" or "military intelligence."
This is like a firefighter getting busted for arson, it just doesn't look good.
If the dollar is an "I owe you nothing", then the Euro is a "Who owes you nothing." - Doug Casey
Corporations who use one legal copy of software to install on all their company machines are doing damage to open-source.
Think about it: If it were impossible for them to just rip-off Windows, Outlook, Office, Ultraedit etc. they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever, since they obviously don't want to spend any money on software.
graspee
US Democracy:The best person for the job (among These pre-selected choices...)
How many of you run Winzip without a valid license?
so wait, i'm confused.
we're all happy now that they got busted for piracy(?). they deserve it because they sued some dude who stole their code. but the author says "supposedly" in reference to "jacking company source code". is he implying that no theft occurred, and therefore these guys were suing for no reason, and that's why we're on the side of the BSA for today? or are we just taking a stance against software piracy? or does what go around come around?
what does "unethically ethically hacking" mean, anyway? were they white hat hackers using pirated software? and where does the pun on "premier hack shops" come in? they're "hackers" (in the bad sense of the word, even if they did whitehat work) and the story involves "hacking". no wait, it involves software piracy. perhaps they were hacking using a pirated version of adobe premier. i'm not sure how that would work, but then the pun would make sense.
but then, whose foot is in whose mouth? i think it's foundstone. but i haven't seen them say anything that was proven embarrassing as to gain the "foot in mouth" designation. maybe i haven't been following the saga of this company, but the context of the post certainly does not imply any foot-in-mouth action going on.
anyone???
of the "Microsoft profits from piracy." idea. Another facet of this is that many of these companies get caught and are forced to pay up.
A rival computer store in my town has been peddling the same Windows XP key for an entire year. This hurts the business of legitimate sellers who can't compete with the price as well, and it hurts Microsoft's goal of making several hundred dollars from every desktop computer in America. Now I don't know what to believe...
You can't judge a book by the way it wears its hair.
so what did foundstone have to say? the article doesn't even say they tried to get their side. seems like jd was trying to take the heat off his lawsuit by working the software piracy angle.
like all of us here register winzip? riiiiight.
prudence and suicidal lemmings (or according to the article, misguided squirrels)
/., I agree that a certain amount of prudence is needed to keep our world "safe and secure from those pesky hackers and virtual terrorists, etc" but come on, there are so many more critical things to worry about.
;) )
What's worse, giving away the security tool would actually endanger National Security, McClure insisted. "The public would be armed by the potential for misuses of these technologies by hackers and cyberterrorists."
without reiterating the many articles here on
and besides, the claim by foundstone that "it was 'simply impossible' to create such a toolkit in that timeframe", doesn't necessarily mean that it couldn't be done.
I hate even wasting keystrokes on this, but when I read the article, I couldn't help but imagine some corporate bigwig nearly in tears, throwing a tantrum about not getting his way... and when he (McClure) pulled the ole 'terrorist' card, it sealed my opinion. ( woo hoo, like my opinion is worth anything
I don't know who is in the clear here, but the whole situation stinks. and I fear it's just going to get worse. oh, and the kicker (IMO),
No actual evidence was presented, but McClure's arguments were enough for the judge in the case to issue a restraining order blocking Glaser and NTO from releasing Fire and Water.
perhaps this was prudent, but these days I wouldn't put any money on it. Anymore, I am inclined to believe that there are tons of lemmings/squirrels out there who are determined to try to screw up any little bit of the world which can possibly be screwed up. Although I sound rather pessimistic, I think we will get through this in relatively decent shape, but the road to get there is sure to be a bumpy ride.
-John
"The definition of insanity is continuing to do the same thing and hoping for different results"
Nothing worse than a software company that steals software. How the hell can someone who steals the exact thing they are trying to sell look at themselves in the mirror. Oh yea, I forgot we still have Republicans.
Hypocrites are such a waste of space.
(-1, Raw and Uncut is the only way to read)
Read the damn links. Everything you mention is covered, clearly and pretty unambiguously, in the two fairly short articles cited.
In summary, though, lots of current and ex-employees of Foundstone are backing up claims that the guys at the top had wholesale software piracy going on in-house. This partly came to light as a result of going after another company, started by one former employee and now including several more, that developed a product in the same industry in a time that, according to Foundstone guys, wasn't possible without stealing their vitally important trade secrets. Except that they forgot to say what those secrets were, the other company's product was much smaller scale than the mainstream corporate offering from Foundstone, and most of the info is likely to have been freely available or at least widely known in the business, and not trade secret at all anyway. As a result of this lot, the judge who initially forbade the other company from shipping their product lifted that injunction a month or so later on the basis that there was basically nothing but someone from Foundstone's say-so that anything was wrong.
Now go read the articles, please.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
It is weird that a company with multi millions of dollars would pirate software. I wonder what they spent all those millions on? they should have spent the money on software, and saved their image, rather than saving money, and losing chances at future assets, something I'm sure they have done if they truly pirated software.
John, why did your webpage try to install Gator on my system?
"In some ways the Foundstone tale is a microcosm of the ugly side of the dot-com craze--arrogance, greed, mismanagement, and stupidity."
The ugly side?
Spare me 'the pretty side'...I don't want to know...ok, ok..someone tell me about the pretty side of the dot-com craze... Jennifer, in accounting, perhaps? A pale yellow BMW M3 parked on the sand at Pismo Beach? A new pair of oversized Birkenstocks? A shiny new blade server with redundant power supplies and terabytes of fiber laced storage? Corner office with a wet bar?
C# good?!?! Well we won't have to worry about that trollbot.
read my blog
musings on politics and technol
Arr matey, you be a pirate too?
P.S. I can stand the use of the word "pirate" when it is referring to someone who is infringing on copyright laws. It just sounds stupid.
they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever
:)
But doesn't VI do all of those things Evolution, OO and above all "whatever" does? If it's not built in there *must* be a module somewhere
SCO is reportedly suing both companies saying that it was their source to begin with!
J
Doh!
this is one thing that is really curious about winzip.
apparently they make so much money that they don't give a rat's ass about piracy.
Unlike other companies that update new versions to crack down key-gen'd code, winzip reg codes from windows 3.0 days STILL work up to the latest and greatest.
for example, load a copy of winzip, and type in:
anonymous
3DAE1000
and you got yourself a "registered," nag-free winzip copy. I thought they'd have patched it up by now, as I myself have been using that code for a good 10 years now, but, well, try it and see, i guess.
posting anon for obvious reasons.
It's a good thing that proprietary software companies don't fall prey to those lurking IP encumbrances that plague the Open Source world.
You're thinking emacs.
You should be thinking Vim, though.
--
the strongest word is still the word "free"
I'm actually very surprised at the reaction to this. How many of you have worked for small to mid-size IT related companies that haven't used unlicensed software of some sort. It's somewhat contradictory for a company to cry theft when they are thieves themselves, but then again as the old saying goes there is no honor among thieves. I've worked for a few, and it doesn't surprise me one bit. I'm not in shock or awe by this. And for a company that is one of the foremost authorities on computer security to take part in cracking software isn't far fetched and is happening right now by other companies. If it's for a proof of concept or for cheating the financial responsibilities. And as far as the accusation that they took the concept of the Extreme Hacking courses for their Ultimate Hacking courses, so what. How many smaller companies were founded by formers of other companies that applied their skills to do their own start-ups. This isn't ground breaking, it's business as usual, even if it is unethical. The only thing is since this article was pressed by Fortune, quite a bit of financial damage will be done to Foundstone, but that's the risk you take when you attack former employees when partaking in unethical practices.
From the articles it would appear that Foundstone preach security and educate corporate clients & toughen their clients networks. This is done for all the valid security reasons, but is third party licensing protection part of this? No way - it is a different issue.
This is like saying that they haven't registered their cars - it is an issue, but not one that would affect their business or their abilities.
I would see some of the moronic management practices that are mentioned in the article as grounds for ceasing business with these clowns, but I cannot see why a client cares less if their consultants use legit licensed software or not. If you are buying software from them, or outsourcing work directly to them then the answer is different, but these guys' IP theft has no bearing on their output, it only affects their profit margin.
Their risk - their choice - their business.
Either you set up a secure linux box and nessus to get free scanning, or if you want the corporate/easy/expensive option you get qualys which scans for more vulnerabilities than anyone else and can do this from 1U server appliance, rather than the half rack that Foundstone has been trying to sell to people.
Never mind the whole legal problems that they have and the fact that their talented programmers keep jumping ship.
Foundstone have too many liabilities and not enough of a product for the cost.
I like nessus, but they do have a habit of crashing services and incorrectly identifying services, and it's GPL - although I hear that nessus is somewhat ironically violating the GPL by blocking off parts of its update site to known 'competitors' including foundstone, ISS and qualys.
"Oh yea, I forgot we still have Republicans"
I guess this is how ideologically rabid the left has gotten. Republicans, apparently, have a monopoly on corruption, and Democrats (and/or Greens) a monopoly on sainthood. By the way, did you know that John Kerry served in Vietnam?
AFAIK, only lefty Democrats think that by cutting taxes, we are "costing the government money". Get it, not collecting taxes is treated as a government expense. As if they have the right to all of your paycheck, but by the graciousness of their (the Republicans, since the last Democrat to push a tax cut was Kennedy) hearts, they'll "spend" some of your money by giving it back to you.
This copy of WinXP Pro I found on the net does it automatically, so there!
-Eyston
Interesting how they say "unauthorized software" instead of "pirated software"
Who uses Winzip? What's wrong with 7-Zip?
Employees say they were told to download whatever programs they needed by using license keys registered
only to McClure or Bahadur. (Legally Foundstone should have paid for each user.)
This must be the author's "Grand Unified Theory of Software Licensing". A lot of commercial software is actually
licensed per-machine or per-processor.
http://jesus.everdense.com/
If only you could pirate cars, or collegiate athletics...
I'm pretty sure you can pirate cars, but I think it's called "stealing" instead of "pirating."
- "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
Found this on Foundstone.com:
FS Responds to Fortune
To our valued customers, partners, vendors and future customers,
The current issue of Fortune Magazine contains a lengthy article about Foundstone that significantly misrepresents the way we do business, and wrongly states that Foundstone does not respect intellectual property rights. I am writing to tell you some key facts surrounding this matter, and to correct some of the irresponsible misrepresentations and factual errors in the Fortune story.
Foundstone rigorously defends its commitment to protect intellectual property rights, and the intellectual property rights of other software makers. To demonstrate Foundstone's commitment to protecting the commercial use of other software, an independent, 3rd party audit was completed on May 2 (more than a month prior to this article). According to Harvey Liss, President of VLSystems, which conducted the independent audit, "The vast majority of the software applications running on the 510 active Foundstone systems were properly licensed. Including operating systems and applications, several hundred software programs are in current use by Foundstone and over 95% were identified as properly licensed. In our experience, having performed numerous software licensing audits, this is among the higher rates for pre-audit compliance." We recognize that for a company whose very foundations are built on protecting intellectual property, anything less than complete compliance is not acceptable. Our aggressive growth is not an excuse for non-compliance. We've taken the necessary steps to identify non-compliance and have immediately applied corrective action through new policies, procedures and education.
The sources and recent timing of these defamatory statements about Foundstone to Fortune Magazine is not a coincidence. Unfortunately, Foundstone was forced to file a lawsuit against NT Objectives, Inc. because of the misappropriation of trade secrets and our unsuccessful attempts in obtaining key information and a reasonable level of cooperation from NTO. Foundstone recently received some favorable rulings in arbitration that would allow Foundstone full discovery rights to review NTO's code. From the very beginning, NTO has vehemently objected to full discovery, even though they proclaim innocence. This Fortune article is a deliberate attempt to shift focus away from the facts of the case and divert attention to rumor, innuendo, and misinformation.
Our loyal customers and market standing speak for themselves. While macro economic factors are negatively impacting other high-tech firms, Foundstone continues to buck the trend with impressive revenue growth, employee growth (Foundstone's attrition rate is below the industry average), expanded product offerings, and solid financial stability. Foundstone respects the interests of our partners, vendors and associates, and will continue to deliver the highest quality products and services to meet the needs of current and new customers.
If you have any questions about this article, I invite you to call me or Stuart McClure and we'd be happy to give you the facts.
I guess you can say they have a case of foot in mouth disease. I make teh funnay1
I run WinRar without a valid license.
Foundstone's troubles began last October when the company brought a trade-secrets case against J.D. Glaser, its former director of engineering, accusing him of stealing proprietary code.
This was, in my view, the pivotal point in the downfall of the company. It was Newton's Third Law of Motion in action. Foundstone poked Glaser in the eye, and Glaser poked back. The benches of the opposing teams emptied out on the field for an old-fashioned brawl. This human element in business and history in general has always served as a fascination to me.
If Foundstone would have let Glaser go off and start his company without the eye gouging would there have been this expose'? I think not. Perhaps the company's small regard for employees would have brought to a head problems brewing within the firm. Lots of companies are not nice to their employees; but, I don't think it would be such potent fodder for Fortune magazine.
Harpo Tunnel Syndrome--my wrist feels funny.
Partly, it's the way people act that causes fear.
I guarantee if someone that good acts very professionally, doesn't brag about what they do, and keeps a low profile with regard to their skills, they won't have problems. If you present yourself as a rogue living on the edge, people will not trust you.
An employer will not fire you JUST because you know how to pick a lock, but the fact that you constantly talk about what locks you picked might scare him a little.
Don't trust your employees. Most of them are good, but all it takes are a few nasty ones to come back and bite your ass.
Not to sound like I condone their act, but let's face it every company must be using a few unlicensed software unless of course they are running entirely on open source software. Say you were running a medium sized company and you have 210 licenses & recently hired 10 new employees, are you going to immediately purchase the license for the 10 others - NO maybe when you get the next budget approval but not immediately.
There are ways to go about this without flagrantly handing over licenses to the employees.
1. Imaging for any upgrades : Ask your employees to backup their personal files on the network & take their disk for imaging. With lot of stuff coming preinstalled on the pc, the employee would hardly take the time to look at what is licensed where.
2. Have a highly trustworthy IT department that does the installations for the staff. This way employees see only the installed APP and not what went into the installation.
I have respect for this guy Jason Glassberg, Foundstone's former software-consulting guru. From the article, this is what he had to say about the litigation:
"This is bullshit. We will regret the day we became a litigious company. You realize you have zero support from the rest of the company on this action, don't you?"
Wonder why he got fired for saying that. Why sue when you know that you are not entirely perfect !?
Siggy Say, Siggy Do
They have two licenses more than me.
Look at some of the greatest cracks in recent time that led to an arrest. The penetration itself was amazingly complex and difficult, yet the cracker accidentally forgot to clean every last fingerprint on a router in China, and the FBI found him a year later. A dumb, "amateur" mistake led to a cracker's downfall after years of acting with impunity.
You should package this up as a lovely weee Delphi app.
So it's ok to kinda steal a little?
If you run a 210 person company, you should probably get site licensing for those apps that are essential to every worker. Otherwise, yes, as soon as you hire 10 workers you had better buy 10 more licenses for every software package they will be using.
Don't like it? Tough. Find an open source solution, find a cheaper product with better licensing, or go without.
The trade association known as "Software & Information Industry Association" scored this one. Good work boys!
Agent1: Is it...?
Agent2: I'm afraid so, piracy...again. Another good kid gone bad, another life thrown away.
Agent1: Damn it! When will they learn to use open source software like respectable citizens? Why must people steal something that is readily available to all?
Agent2: Pathetic, isn't it?
The insanity of 'white-hat' security companies will surely come to an end sooner rather than later. Securing the corporate or home network simply isn't that difficult anymore.
That's not to say that in some way these prepubescent, security Scooby Doos don't have their place. But today, they are simply usurped by competent system and network administrators and the forethought of coders to write code with security in mind.
Think back to the burgeoning days of online commerce and the cavalier "Internet for everyone!" in the workplace roll outs. Book wise MCSEs, trench hardened Oracle/Solaris admins, and street savvy (but cowboyish) Linux/BSD admins were all the pointy haireds had to turn to. It was a friggin free-for-all against many up and coming businesses as well as some borderline brave industry Goliaths seeking a swim in the piranha infested Internet soup. Networks and software were regularly blasted through by kids with code they hadn't written themselves. Sometimes it happened due to the poor design of deployed code. Sometimes it happened because the attacks themselves were mini-masterpieces. But whatever the reason, in a space where people could be anonymous supervillains, the will of the Internet (of the people) to communicate persevered. The Internet infrastructure, and the networks attached to it, and the people running them all got a little bit smarter and a lot wiser.
Tell the guy in the suit you want to sell him a network security auditing tool (or service), because he doesn't have the man power to do it in house. He may be willing to pay. Tell the manager of a group of coders you want to sell her your competence and third party viewpoint of the security of their code. She may be willing to pay. Tell me you want to sell me a 250,000 dollar piece of network auditing code, or scan my network from the outside to tell me where my vulnerabilities lie without knowing my network already, or bebop around my 30,000+ user network analyzing a bunch of known signatures and I'll tell you to go back to the drawing board and tell me why your first answer wasn't to invest in a competent enough staff to make you obsolete.
The wake up call has already been dialed by the customers at large. The VC money won't last forever. And almost none of you are as cool as you made yourselves out to be. I suppose in the end it will be just as amusing to watch you tear at each other in a corporate environment with lawyers and press releases as it was to watch you tear at each other's r00ts and mailing-list posts.
http://windows.scares.us
Foundstone sues Glaser in one of these "arbitration" kangaroo courts. They get to select the kangaroo court. This all starts out stacked in their favor.
But Foundstone has been breaking the law big time. And a lot of people knew it.
So this whole thing blows up in their face. And now this has so much attention the "arbitration" court has to deal off the top of the deck.
Religion is the main cause of atheism.
A reliable source claims that SCO is looking into legal action against Foundstone for infringement of their patent on Irony.
I wonder if that PDF was made with a legit copy of Acrobat.
that's a good question. Quick answer, I have no clue. There is nothing on the page that should even remotely be related to Gator. The only thing I can figure is that it might be due to the V3 redirect. I think I will change the url posted for now. Thanks for pointing it out. (although, when I went to the site, nothing tried to install)
-John
"The definition of insanity is continuing to do the same thing and hoping for different results"
One down, SCO to go.
-----
One is born into aristocracy, but mediocrity can only be achieved through hard work.
Better to pay. Your employees have every right to rat you out for stealing. I actually believe they should in fact. We use 99% open and free software and apps. But if a license is due for something we need you bet your ass we will spring for the fees for as many seats as needed.
As you can see I don't care about my karma.
I tried to reproduce the gator pop-up but I couldn't. However, I am unambiguously getting pop-ups.
The gator prompt only occurred when I went to the gallery link.
This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et. al.
In my experience as a security analyst, the industry is chock full 'o great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could conceivably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).
By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.
akad0nric0
This sentence no verb.
Ultraedit etc
I used to think that Ultraedit was the best thing in the world, but that was before I knew *nix editors and java based editors. I mean come on, whatever your need for an editor you can have it for free better than Ultraedit. If you want clean simple and fast use vim or if you're more into macros use emacs.
If you want fully featured (some call it bloatware) jedit performs good and has more plugins and functionality than ultraedit ever will. Why people still use ultraEdit, crisp, slickedit (though slickedit wins out there) is beyond me. This is one area where open source and freely available programs beat commercial options just about every time.
Plus it makes you feel like more of a hacker and you don't have to worry about those pesky licenses.
Why, o why must the sky fall when I've learned to fly?
"The vast majority of the software applications"
were found to be legit I am so happy.. 95% you go on to note. 5% warzed apps is too much.
Who do I trust? A company who is suit happy or Fortune mag? Well lets see. I'll go with the press and it's fact checking not an audit by one company.
what's your IP address exactly?
try this link and see if you still get pop-ups. When I checked the surf.to/ link I *did* get a popup or two from the V3 redirect. I am certain that has to be it. And if it isn't, there isn't much I can do atm since I don't have the password to update the site (since I graduated)
-John
"The definition of insanity is continuing to do the same thing and hoping for different results"
Another Useless throw away line.
"Oh yea, I forgot we still have Republicans."
Oh I know we still have Democrats but I bet they all license every bit of software they use don't they?
WTF has someone's political party got to do with it. I want to bet you these bastages at Foundstone are big and regular funders of the Democrat party and leftist causes.
That holds as much water as your statement does and has an equal amount of proof attached to it which is Zero.
Mod me down but I am going to keep pointing this crap out and I ain't even a Republican.
This company had tried to market an ext2fs undelete tool to the computer forensics market. I looked through the binary and found several references to lib ext2 (they left all debugging symbols in so I could see exactly what files they had compiled and linked). The ext2 library is GPL and not LGPL so therefore their program should have been GPL. When we told them about it, they just wrote back and basically said "we aren't violating anything". A short while later the tool disappeared from the market. Food for thought.
Nearly half of all people are below average
Turn them in and quit.
That is the most any good D E M O C R A T could do.
If you don't you are a weasel who never again can claim to be "good"
Have a nice day.
It was Republicans who lied about that furniture.
Typical lying Republican urban legend..
Nope this document was created using a HP digital sender
File -> document properties is your friend..
Same here Linux on my desktop.
No fees paid except to the company that put out my distro. I paid because it's worth the money not because I was forced to. What a concept.
As you can see I don't care about my karma.
The reply to Kurtz was covered in an internal memo over at FC.
Wacky.
If you found a stone shoe on your foot, I think you are in trouble. Stay away from rivers, and men in suits, especially if they have violin cases with them.
Patent: from Latin patere, to be open
"Our loyal customers and market standing speak for themselves."
So because your market standing is good, means that of course you couldn't be guilty of any of this?
"employee growth (Foundstone's attrition rate is below the industry average)"
Foundstone has about 120 employees. Last year about 25 or so left. That seems rather high, so I guess the industry average is higher than I thought.
"From the very beginning, NTO has vehemently objected to full discovery, even though they proclaim innocence."
So NTO should have opened all their doors to your inspection because you said so?
"To demonstrate Foundstone's commitment to protecting the commercial use of other software, an independent, 3rd party audit was completed on May 2"
According to the article:
"The trade group, the Software & Information Industry Association, informed Kurtz by letter in May that it intended to pursue copyright-infringement charges against Foundstone."
So after they had been informed of a complaint, and then got word from the SIIA they very quickly jumped to clean things up.
"In our experience, having performed numerous software licensing audits"
LOL! Yeah right, numerous? HAHAHAHAHA
Don't piss people off. No matter how much you think you are right, and how much you think they deserve it. Just don't do it. Would Foundstone have lost its reputation and been charged with so much piracy if they had just let this guy go, shrugged it off and gotten on with their lives?
No, nothing would have happened.
The worst thing would have been that, even if this guy really did steal code, they would have a tiny new competitor with no name recognition and no clients. Just another dot-com waiting to fall flat on its face...
If you go out of your way to not be an asshole, even to people who richly deserve it, you'll find that your life is significantly more trouble free. Maybe you don't get that two-second moment of childlike glee when you "stick it to them", but then again, is that worth possibly losing the entire company for? Foundstone thinks it is, but I disagree.
Think about it this way: if all the companies pirate Windows, then Microsoft will go bankrupt and EVERYBODY will use Linux, Evolution, OpenOffice, TeXmacs, etc.
Piracy _is_ good. Non-free software suffers from piracy.
It's bad when companies do it to other companies to benefit themselves, but it's OK when individuals do it to companies to benefit themselves.[1]
[1] [Insert /. excuse here, used every time the "pirate" issue comes up.] I'm certain you all are already familiar with them.
Looks like Microsoft is trying to do something similar to a couple of its former employees (ala Foundstone to Glaser):
Microsoft to Take Spinoff to Court?
Of course, we all know Microsoft is no saint.
From Japan.
A lot of game companies use that without more than 11 license.
Odd.
From my reading of the article (and other sources on the web with similar info), the thieved software was deleted in April. So an audit conducted on May 2nd, what does that prove? That they were 95% effective in deleting thieved software?
don't know where to put this, so i'll put it here:
:goto 8) ...
:(
DoS attack on "send error report" function of iexplore.exe WinMe (5.50.4807.2300)
1) open a bogus hotmail address. the shorter the better.
2) open a bogus yahoo address. the shorter the better.
3) write some nonsense in notepad.exe -> save as tiolpxe.txt
4) open winzip. compress the file(s) (maximum, slowest)
5) apply password to compression (IMPORTANT!)
6) log in yahoo. send email with attached compressed-encrypted tiolpxe.txt to hotmail.
7)close yahoo.
8)log in hotmail. open email sent from yahoo. try downloading attachment (save to disk).
iexplore.exe crashes -> pop-up "send error report" -> click send!
and restart iexplore.exe
repeat
too bad i can't script
-
"DAD?"
"He won't recognize you.
His mind has been subjected to an infinite
indexed database."
Does it disturb anyone else that the CEO's name is Kurtz? Heart of Darkness, Apocalypse Now, anyone else get the feeling this man is a genius who has become evil from spending too much time in the jungle?
from the ironic names in the news dept.
Now, a pressing question is what about this is even news worthy? Slashdot is now helping rake a shop through the mud even though software piracy runs rampant in most businesses (especially those in the tech industry)? Are we now going to be subjected to stories like "company X accused of software piracy" where "company X" is any random org? Yes, "company X" probably has some pirated software floating around, but that doesn't mean they should get a slot on the front page. Besides, since when does the
Join Tor today!
The insanity of 'white-hat' security companies will surely come to an end sooner rather than later. Securing the corporate or home network simply isn't that difficult anymore.
So that's why networks are so secure today, right? It's quite an assumption to say that random IT people know how to do security auditing and hardening.
But today, they are simply usurped by competent system and network administrators and the forethought of coders to write code with security in mind.
Well, that's the problem. There are very few competent system and network admins and coders who keep security in mind. Also, even if they are competent, what about peer review? No matter how good you are, you should always have someone else check out your setup and/or work. There are always vulnerabilities.
By the way, you keep working on this assumption that no security problem exists in the computer industry. You insist upon it, but provide no facts or backup when the contrary is obvious from anyone with their finger on the tech industry pulse.
Tell the guy in the suit you want to sell him a network security auditing tool (or service), because he doesn't have the man power to do it in house. He may be willing to pay. Tell the manager of a group of coders you want to sell her your competence and third party viewpoint of the security of their code. She may be willing to pay. Tell me you want to sell me a 250,000 dollar piece of network auditing code, or scan my network from the outside to tell me where my vulnerabilities lie without knowing my network already, or bebop around my 30,000+ user network analyzing a bunch of known signatures and I'll tell you to go back to the drawing board and tell me why your first answer wasn't to invest in a competent enough staff to make you obsolete.
That auditing fee is chicken feed to huge corporations who have massive networks that require auditing. Foundstone isn't the kind of company that's going to provide a service for a Joe's Software Company with 10 employees. By the way, Foundstone does thorough audits, not just scanning your "network from the outside to tell me where my vulnerabilities lie without knowing my network already". Get a clue.
For every company to have an "in-house Foundstone" would be prohibitively expensive. Foundstone sells massive amounts of security experience to be applied to the job. You cannot just get that "in-house" for cheaper than what Foundstone offers. Also, Foundstone provides education services to help in-house people do a better job of analysis. Once again, you are clueless about Foundstone's business.
You, sir, are an idiot. Who moderated this rubbish up to 5?
Join Tor today!
Gator has a little timer so the pop up comes up several seconds after it is initiated.
That can sometimes appear to make Gator pop up on web sites that are not actually hosting it.
Now, maybe I can get a discount on their Ultimate hacking class at the Black Hat Briefings. Heheh..
Foundstone is not in trouble for having outdated software on their server. They are in trouble for having software that can be purchased, but they decided to distribute either unlicensed copies or copies that only had one license.
You say that companies do it to other companies to benefit themselves and individuals do it to companies to benefit themselves, but you fail to point out that although both the rogue company and the rogue individual benefit from not having to pay the purchase price of the software, the company then further benefits financially by using the software, while the individual just uses the software for personal use.
graspee
The other mind-bending analogy I like is that any executable binary program can be represented as a single number. Can you copyright 6786237544599987897343387989721333?
When I am king, you will be first against the wall.
As a former Qualys employee, I am amazed that Fortune magazine fell victim to Philippe Courtot's web of deception. It was a well known fact inside Qualys that they had been funding NTO in an effort to get as much Foundstone information out of NTO as possible. Philippe would go off on these long tirades on how they needed to kill Foundstone. I guess using JD and NTO was a good move on their part.
Everyone in the industry knows Philippe forces people out faster than he can hire them. Maybe the next reporter will dig a little deeper and shed some light on Qualys and their management practices.
A funny thing I've found about Winrar. I've found that for the most part for regular legit downloads rar is a no show, ie no one uses it. In fact I'm not really sure I've ever downloaded anything legal that is compressed with rar by default.
Ironically the only place rar files are really widely used is for cracking groups and warez on places like usenet. Rar is really useful to them because of its ability to join and recover multiple compressed files in a set.
I'm sure there are rar users like yourself who think the closed format is great or just happen to like the tool, but like I said for the most part it's a tool used in the warez trade. Not that I care, but that's just the ONLY place where rar files show up in any quantity.
If you wanna get rich, you know that payback is a bitch
The audit took place AFTER they received a complaint and the SIIA put them on notice. It took place AFTER the CEO told all the employees about it being a problem that they would "address".
Funny how during my year at Foundstone I was not ever once given a valid license for ANY software I used. Neither was anyone I worked with.
Cutting taxes does cost the government money (it is income right?).
I guess you would chip in for your public derived benefit of national defense if we had no taxes.
Not all Republicans are corrupt and not all Democrats are worth a damn either. I'd say 99% of Republicans are worthless and about 50% of Democrats.
I guess the $500 Billion dollar deficit isn't an expense? How about bankrupting Social Security, Medicare and the Government in a short 3 years? Fucking pathetic. Oh BTW George Bush has spent more than the last 16 presidents by more than 50%, he just did it through deficit spending instead of real income (taxes).
Go read a fucking econ book and pull your head out of your ass, maybe then you'll do some good for the country.
While I agree with you in general, I would like to point out that "alright" is actually quite old and, while nonstandard, is not totally out of the ordinary. The Merriam-Webster entry dates it back to 1887 and says that it came into use around 75 years after "all right" had returned from a 400 year hiatus.
I am a poor speller, but I do try to avoid most of the obvious mistakes.
To your list I would like to add:
your you're
congratulations
My personal favorite is when people say, "Your an idiot."
fnord
According to this Foundstone is in bed with microsoft for anti-disclosure plan. (reported on /. )
It is funny that they are accused of pirating windows - gives new meaning to microsoft's trustworthiness.
Some information security companies tend to hire people with "questionable backgrounds" to be "professional hackers". So of course that type of personnel is going to introduce all sorts of "warez" into the corporate environment. No surprise there, except that Foundstone got ratted out on it.
I worked for one of Foundstone's competitors for a while (based in Waltham...you figure it out), before eventually quitting of my own accord. The first week on the job I got a company-wide e-mail about the network drive used to upload and download MP3's. Several weeks later we all got word on where to upload and download "software tools". You can imagine what types of "tools" were available (some open source and some not).
There's simply not much ethics or integrity in a cottage industry that is supposed to be grounded in them. And this "piracy" issue is just the "tip of the iceberg". But of course my past association brings my integrity and ethics into question, which is just my tough luck.
I can't tell.
However, I can tell you that it was created at 1:03pm on Monday, June 9, 2003, by Robin Whaling, who seems to be a functionary at Foundstone, responsible for such things as the maintenance of security class enrollment and such. Probably an executive assistant.
I can tell you that the document was probably created on a non-current version of Distiller.
I can say with some certainty that it wasn't produced with a Macintosh version, and almost certainly was produced on a Windows, rather than Unix, version of the software.
I can also say that on April 4, they switched from using NES 4.1 on OpenBSD to a Mac OS X-centric enterprise suite as their primary webserver. Given the coincidence in dates, one wonders whether that copy of NES was licensed properly.
.@.
But what can you expect from a Sooner.
I'm glad you brought up a "fucking econ book", because you should take your own advice. Actually, you should just learn to fucking read.
I never said I was in favor of deficit spending. In fact, we should be cutting entitlement programs left and right.
But deficit spending during a recession is a normal and accepted fiscal policy to respond to recessionary conditions. If you'd read a fucking econ book you might know that. But like most Demonazis, I guess your eyes glaze over when anything with hard numbers and actually having to calculate stuff comes up.
I'm curious as to why people think tax cuts should go to people who don't pay taxes in the first place? As a reward for being indigent? And, what exactly do you consider fair taxation? Do you think your taxes are too low? Where would you be happy? Not until the "rich" are thrown out of their houses and the workers of the world stomp them underfoot, eh comrade?
alternately, "it seems you're right. XYZ does indeed crash our production server. it didn't used to, when we went through the user acceptance testing when it was first built. what has changed? is it something on, say, our network that now behaves differently? or an untested update that someone's put on the client? does it do it on a test rig? (as i'd better not fvck about with a production server that's validated and so would require a complete rebuild according to the mountain of paperwork required for, say, FDA compliance if I changed anything)"
NTO Response to the Fortune article and Foundstone response.