Slashdot Mirror
Foundstone Shoe On Other Foot
Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking.
After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."
I once worked with a terrific cracker (he ended up doing time for hacking into NASA owned systems at the University of Florida - in fact, I believe that he is still incarcerated). He really knew his shit, especially when it came to invisibly manipulating Cisco equipment and covering his tracks in Unix/Linux/BSD logs. He was also somewhat of a coder. He was kind of scary in a way. It was funny to see how much the entire operation of the IT department changed once we found out how good we really was, and how much the manager started reviewing technology laws. He was on our side, our white hat, and still everyone was immensely wary of him.
Even though he effortlessly secured three large networks and found glaring problems with our state-wide backbone, he was canned out of fear. He was later found guilty of causing damages to the network after his termination, at the same time he was busted for the NASA fiasco (the FBI had been watching his movements for some time). In hindsight, I can say that our cautious approach towards him was warranted, even though it caused him obvious grief when he was employed with us.
Hell, he will be making twice my salary at McAfee or something when he gets out of prison anyways, why am I feeling bad for him?
Corporations who use one legal copy of software to install on all their company machines are doing damage to open-source.
Think about it: If it were impossible for them to just rip-off Windows, Outlook, Office, Ultraedit etc. they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever, since they obviously don't want to spend any money on software.
graspee
US Democracy:The best person for the job (among These pre-selected choices...)
How many of you run Winzip without a valid license?
Read the damn links. Everything you mention is covered, clearly and pretty unambiguously, in the two fairly short articles cited.
In summary, though, lots of current and ex-employees of Foundstone are backing up claims that the guys at the top had wholesale software piracy going on in-house. This partly came to light as a result of going after another company, started by one former employee and now including several more, that developed a product in the same industry in a time that, according to Foundstone guys, wasn't possible without stealing their vitally important trade secrets. Except that they forgot to say what those secrets were, the other company's product was much smaller scale than the mainstream corporate offering from Foundstone, and most of the info is likely to have been freely available or at least widely known in the business, and not trade secret at all anyway. As a result of this lot, the judge who initially forbade the other company from shipping their product lifted that injunction a month or so later on the basis that there was basically nothing but someone from Foundstone's say-so that anything was wrong.
Now go read the articles, please.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
You're a moren.
"In some ways the Foundstone tale is a microcosm of the ugly side of the dot-com craze--arrogance, greed, mismanagement, and stupidity."
The ugly side?
Spare me 'the pretty side'...I don't want to know...ok, ok..someone tell me about the pretty side of the dot-com craze... Jennifer, in accounting, perhaps? A pale yellow BMW M3 parked on the sand at Pismo Beach? A new pair of oversized Berkenstocks? A shiny new blade server with redundant power supplies and terrabytes of fiber laced storage? Corner office with a wet bar?
SCO is reportedly sueing both companies saying that it was their source to begin with!
J
Im actually very suprised at the reaction to this. How many of you have worked for small to mid-size IT related companies that havnt used unlicensed software of some sort. Its somewhat contradictory for a company to cry theft when they are thieves themselves, but then again as the old saying goes there is not honor among thieves. Ive worked for a few, and it doesnt suprise me one bit. Im not in shock or awe by this. And for a company that is one of the formost authorities on computer security to take part in cracking software isnt far fetched and is happening right now by other companies. If its for a proof of concept or for cheating the financial responsibilities. And as far as the accusation that they took the concept of the Extreme Hacking courses for their Ultimate Hacking courses, so what. How many smaller companies were founded by formers of other companies that applied their skills to do their own start-ups. This isnt ground breaking, its business as usual, even if it unethical. The only thing is since this article was pressed by Fortune, quite a bit of financial damage will be done to Foundstone, but thats the risk you take when you attack former employees when partaking in unethical practices.
From the articles it would appear that Foundstone preach security and educate corporate clients & toughen their clients networks. This is done for all the valid security reasons, but is third party licensing protection part of this? No way - it is a different issue.
This is like saying that they haven't registered their cars - it is an issue,but not one that would affect their business or their abilities.
I would see some of the moronic management practices that are mentioned in the article as grounds for ceasing business with these clowns, but I cannot see why a client cares less if their consultants use legit licensed software or not. If you are buying software from them, or outsourcing work directly to them then the answer is different, but these guys IP theft has no bearing on their output, it only affects their profit margin.
Their risk - their choice - their business.
This copy of WinXP Pro I found on the net does it automatically, so there!
-Eyston
Found this on Foundstone.com:
FS Responds to Fortune
To our valued customers, partners, vendors and future customers,
The current issue of Fortune Magazine contains a lengthy article about Foundstone that significantly misrepresents the way we do business, and wrongly states that Foundstone does not respect intellectual property rights. I am writing to tell you some key facts surrounding this matter, and to correct some of the irresponsible misrepresentations and factual errors in the Fortune story.
Foundstone rigorously defends its commitment to protect intellectual property rights, and the intellectual property rights of other software makers. To demonstrate Foundstone's commitment to protecting the commercial use of other software, an independent, 3rd party audit was completed on May 2 (more than a month prior to this article). According to Harvey Liss, President of VLSystems, which conducted the independent audit, "The vast majority of the software applications running on the 510 active Foundstone systems were properly licensed. Including operating systems and applications, several hundred software programs are in current use by Foundstone and over 95% were identified as properly licensed. In our experience, having performed numerous software licensing audits, this is among the higher rates for pre-audit compliance." We recognize that for a company whose very foundations are built on protecting intellectual property, anything less than complete compliance is not acceptable. Our aggressive growth is not an excuse for non-compliance. We've taken the necessary steps to identify non-compliance and have immediately applied corrective action through new policies, procedures and education.
The sources and recent timing of these defamatory statements about Foundstone to Fortune Magazine is not a coincidence. Unfortunately, Foundstone was forced to file a lawsuit against NT Objectives, Inc. because of the misappropriation of trade secrets and our unsuccessful attempts in obtaining key information and a reasonable level of cooperation from NTO. Foundstone recently received some favorable rulings in arbitration that would allow Foundstone full discovery rights to review NTO's code. From the very beginning, NTO has vehemently objected to full discovery, even though they proclaim innocence. This Fortune article is a deliberate attempt to shift focus away from the facts of the case and divert attention to rumor, innuendo, and misinformation.
Our loyal customers and market standing speak for themselves. While macro economic factors are negatively impacting other high-tech firms, Foundstone continues to buck the trend with impressive revenue growth, employee growth (Foundstoneâ(TM)s attrition rate is below the industry average), expanded product offerings, and solid financial stability. Foundstone respects the interests of our partners, vendors and associates, and will continue to deliver the highest quality products and services to meet the needs of current and new customers.
If you have any questions about this article, I invite you to call me or Stuart McClure and weâ(TM)d be happy to give you the facts.
- Anti-piracy method 1: Spend a lot of time and effort trying to keep ahead of the serial# spreaders and/or crackers, yet still fail pretty miserably, as every other program out there does. Only the honest people actually pay.
- Anti-piracy method 2: Sit back, drink a beer, don't give a rat's ass, and the honest people still pay.
Personally, I think WinZip's got the right idea.Partly, it's the way people act that causes fear.
I guarantee if someone that good acts very professionaly, doens't brag about what they do, and keeps a low profile with regard to their skills, they won't have problems. If you present yourself as a rogue living on the edge, people will not trust you.
An employer will not fire you JUST because you know how to pick a lock, but the fact that you constantly talk about what locks you picked might scare him a little.
A reliable source claims that SCO is looking into legal action against Foundstone for infringement of their patent on Irony.
This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et. al.
In my experience as a security analyst, the industry is chock full 'o great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could concievably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).
By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.
akad0nric0
This sentence no verb.
This company had tried to market a ext2fs undelete tool to the computer forensics market. I looked through the binary and found several references to lib ext2 (they left all debugging symbols in so I could see exactly what files they had compiled and linked). the ext2 library is GPL and not LGPL so therefore their program should have been GPL. When we told them about it, they just wrote back and basically said "we arent violating anything". a short while later the tool disappeared from the market. Food for thought.
Nearly half of all people are below average
Don't piss people off. No matter how much you think you are right, and how much you think they deserve it. Just don't do it. Would Foundstone have lost it's reputation and been charged with so much piracy if they had just let this guy go, shurgged it off and gotten on with thier lives?
No, nothing would have happened.
The worst thing would have been that, even if this guy really did steal code, they would have a tiny new competitor with no name recognition and no clients. Just another dot-com waiting to fall flat on it's face...
If you go out of your way to not be an asshole, even to people who richly deserve it, you'll find that your life is signifigantly mor etrouble free. Maybe you don't get that two-second moment of childlike glee when you "stick it to them", but then again, is that worth possibly losing the entire company for? Foundstone thinks it is, but I disagree.