GameSpy Sends DMCA-Based C&D To Security Researcher
chowbok writes "Luigi Auriemma has found several security holes in GameSpy software over the past few months. He has reported them all to GameSpy but never got a response... until today, when he got a threatening letter from their lawyers. It says he's violating the DMCA, he needs to cease-and-desist, yadda yadda yadda." Update: 11/12 21:09 GMT by S: GameSpy has now posted an official response from the company's founder, Mark Surfas.
I didn't think it was possible, but my opinion of Gamespy just went even lower. If it wasn't for them hosting old Nodwick strips, they'd have no redeeming values at all.
I mean, let's face it, anyone who wants to exploit Gamespy's servers probably already knows how to do so, this guy's bug reports notwithstanding...
Kierthos
Mr. Hu is not a ninja.
It would be nice to have a list of all of them in one place so I can make sure to never ever pay money to any organization that has used the DMCA against someone.
I think it also settles the question about full and limited disclosure. Limited disclosure is clearly a tool that allows lazy admins and developers to sit on their lazy asses while their company lawyers shoot the messengers.
What is needed now is an "official" infrastructure (mailing list/site/IRC channel/whatever) harboured somewhere with sensible laws and clearly geared toward transparent evaluation, discussion and discovery of security bugs in public software. Developers, admins and security experts welcomed, no matter the colour of their hats.
Also, it's probably worth noting that incidents like this kill a company's credibility in the various security circles. So, on the upside, I now know to avoid GameSpy software, which should have their marketing people trying to figure out how to do damage control on this. Don't underestimate the power of being /.'d
You never saw a fish on the wall with its mouth shut.
About 90% of the posts prior to mine say something to the effect of, "If he hasn't contacted them, how could he have harassed them?" I think the objective thing to do is at least consider the fact that Gamespy could be telling the truth. Most posts related to this response are really dealing with semantics. This response from "Mark" was obviously almost casual in nature, so it's not a stretch to think that he may have accidentally contradicted himself with his words.
I admit that the way most of these things work out, it's likely that the company is in the wrong (not responding to bug disclosure and overreacting when the exploits get posted). But don't take everything you read on Slashdot as gospel.
Before you flame put yourself in the other guy's shoes, and before you mod me down consider if you're doing it because you disagree with me.
-- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear