Slashdot Mirror


Foundstone Shoe On Other Foot

Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking. After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."

10 of 255 comments

  1. Corporate piracy is evil by Graspee_Leemoor · · Score: 5, Insightful

    Corporations who use one legal copy of software to install on all their company machines are doing damage to open-source.

    Think about it: If it were impossible for them to just rip-off Windows, Outlook, Office, Ultraedit etc. they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever, since they obviously don't want to spend any money on software.

    graspee

    1. Re:Corporate piracy is evil by mako · · Score: 4, Insightful
      Maybe, but remember this is a special situation. A security company researching vulnerabilities must have at their disposal a huge quantity of software. Not just the stuff that they personally like to use, but the stuff everyone else uses. Of course a researcher also often needs multiple versions of the same product. Therefore, it does not surprise me that such a company would commit copyright infringement in order to get some piece of software they will only use for a short time while testing something.

      I was wondering when this issue would raise its ugly head. After all, how many amateur bug finders have the bucks to properly license all of the software they test? It seems natural to me that large companies seeking retribution against a leaked 0-day might investigate such a thing.

    2. Re:Corporate piracy is evil by Graspee_Leemoor · · Score: 5, Insightful

      "A security company researching vulnerabilities must have at their disposal a huge quantity of software."

      Which they can buy with the huge quantity of money they get from clients.

      "...it does not surprise me that such a company would commit copyright infringement in order to get some piece of software they will only use for a short time while testing something."

      If they are testing it for a client they can factor the price of the software into the price they charge the client. If they are just researching it to advance the state of knowledge in the company then they can buy it from company funds.

      "After all how many amateur bug finders have the bucks to properly license all of the software they test"

      These are not amateur bug finders though, they are a "professional" company.

      The bottom line is that nearly every business will do everything they can to maximise PROFIT, even if it means limiting the ability of other people to do the same.

      Remember the 169th rule of acquisition:

      "Competition and fair play are mutually exclusive."

      graspee

  2. Winzip by Anonymous Coward · · Score: 5, Insightful

    How many of you run Winzip without a valid license?

  3. Re:Uneasy truce: white hats and their employers by packeteer · · Score: 4, Insightful

    Most hackers who can cover their tracks get caught in a less technical way. Just because you're a good cracker doesn't mean you're a good criminal. There is much more to committing a crime than the actual execution. Most criminals plan up to and including their crime but rarely what they will do afterwards.

    --
    unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep

  4. Not Suprising by j_kenpo · · Score: 4, Insightful

    I'm actually very surprised at the reaction to this. How many of you have worked for small to mid-size IT related companies that haven't used unlicensed software of some sort? It's somewhat contradictory for a company to cry theft when they are thieves themselves, but then again, as the old saying goes, there is no honor among thieves. I've worked for a few, and it doesn't surprise me one bit. I'm not in shock or awe by this. And for a company that is one of the foremost authorities on computer security to take part in cracking software isn't far fetched and is happening right now by other companies, whether it's for a proof of concept or for cheating the financial responsibilities. And as far as the accusation that they took the concept of the Extreme Hacking courses for their Ultimate Hacking courses, so what. How many smaller companies were founded by former employees of other companies that applied their skills to do their own start-ups? This isn't groundbreaking, it's business as usual, even if it is unethical. The only thing is, since this article was pressed by Fortune, quite a bit of financial damage will be done to Foundstone, but that's the risk you take when you attack former employees while partaking in unethical practices.

  5. Re:winzip license by IvyMike · · Score: 5, Insightful

    • Anti-piracy method 1: Spend a lot of time and effort trying to keep ahead of the serial# spreaders and/or crackers, yet still fail pretty miserably, as every other program out there does. Only the honest people actually pay.
    • Anti-piracy method 2: Sit back, drink a beer, don't give a rat's ass, and the honest people still pay.

    Personally, I think WinZip's got the right idea.

  6. On fear. by mindstrm · · Score: 5, Insightful

    Partly, it's the way people act that causes fear.

    I guarantee if someone that good acts very professionally, doesn't brag about what they do, and keeps a low profile with regard to their skills, they won't have problems. If you present yourself as a rogue living on the edge, people will not trust you.

    An employer will not fire you JUST because you know how to pick a lock, but the fact that you constantly talk about what locks you picked might scare him a little.

  7. Bad for the industry, not just slashdot by akad0nric0 · · Score: 5, Insightful

    This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et al.

    In my experience as a security analyst, the industry is chock full 'o great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could conceivably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).

    By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.

    --
    akad0nric0

    This sentence no verb.

  8. THE RULE IS: by clambake · · Score: 4, Insightful

    Don't piss people off. No matter how much you think you are right, and how much you think they deserve it. Just don't do it. Would Foundstone have lost its reputation and been charged with so much piracy if they had just let this guy go, shrugged it off and gotten on with their lives?

    No, nothing would have happened.

    The worst thing would have been that, even if this guy really did steal code, they would have a tiny new competitor with no name recognition and no clients. Just another dot-com waiting to fall flat on its face...

    If you go out of your way to not be an asshole, even to people who richly deserve it, you'll find that your life is significantly more trouble-free. Maybe you don't get that two-second moment of childlike glee when you "stick it to them", but then again, is that worth possibly losing the entire company for? Foundstone thinks it is, but I disagree.