From: adam.lydick at verizon.net (Adam Lydick)
Subject: [OT] software license costs - Re: The Two Faces of Foundstone

Server software with per-seat licenses. 

I think there is a graphics package called "Maya" that some of the
multimedia students at my old university used.

Any package designed for the "enterprise" instead of small biz and
consumers.

AdamL

On Wed, 2003-06-11 at 21:00, xlopkov@....cc wrote:
> > Outlook folder called Tools, available to everyone on staff. Employees
> > say they were told to download whatever programs they needed by using
> > license keys registered only to McClure or Bahadur. (Legally Foundstone
> > should have paid for each user.) The unauthorized software ranged in
> > value from $35 to $15,000 per user and included everything from Acrobat
> > to X-WinPro. 
> 
> 
> 
> an offtopic question. 15k for one user license. can anyone give me an
> example of something. 
> i'm just curious
> thanks
> 
> 
> 
> On Tue, 10 Jun 2003 07:23:34 -0700, dhtml@...h.com said:
> > 
> > http://www.fortune.com/fortune/technology/articles/0,15114,457276,00.html
> > 
> > COMPUTER SECURITY
> > The Two Faces of Foundstone
> > A leading computer-security company is accused of software piracy.
> > FORTUNE
> > Monday, June 9, 2003 
> > By Richard Behar 
> > 
> > 
> > George Kurtz may be his own worst enemy. In just four years Kurtz, CEO
> > of Foundstone, and Stuart McClure, its president, created one of the
> > best-known U.S. computer-security companies by exposing the
> > vulnerabilities of software firms. Thousands of FORTUNE 500 executives
> > and government officials--from the FBI and the National Security Agency
> > to the Army, the Federal Reserve, and even the White House--have taken
> > Foundstone's Ultimate Hacking courses, at up to $4,000 per person.
> > Motorola and Bank of America have shelled out more than $300,000 each
> > for Foundstone products, and the company recently installed software to
> > protect the FAA.
> > 
> > But it doesn't take the skills of a hacker to see that Foundstone, a
> > privately owned $20-million-a-year company in Mission Viejo, Calif.,
> > is in trouble. It has been accused of widespread software piracy by a
> > leading industry trade group, FORTUNE has learned--charges corroborated
> > by current and former Foundstone employees and by computer printouts
> > obtained by the magazine. 
> > 
> > The trade group, the Software & Information Industry Association,
> > informed Kurtz by letter in May that it intended to pursue
> > copyright-infringement charges against Foundstone. It acted after a
> > confidential source alleged that McClure and Gary Bahadur, Foundstone's
> > chief information officer, routinely spread unlicensed software to the
> > company's 125-member workforce; that Kurtz was aware of that practice;
> > and that in early April the CEO ordered his staff to delete unlicensed
> > software from their computers. "They're gambling with their
> > reputation," says Keith Kupferschmid, head of the association's
> > antipiracy unit, which investigated and found the allegations credible.
> > "That's not a smart thing to do."
> > 
> > Kurtz vehemently denies the company engaged in piracy. "We have strict
> > policies against piracy," he says. "We take intellectual property very
> > seriously, given that we are a software company." He adds that Foundstone
> > conducted an internal audit in April, "and we're in compliance." 
> > 
> > The evidence suggests otherwise. For years, according to former
> > employees, top executives at Foundstone dumped a seemingly endless
> > supply of the latest software onto a company server called Zeus and
> > into a Microsoft Outlook folder called Tools, available to everyone on
> > staff. Employees say they were told to download whatever programs they
> > needed by using license keys registered only to McClure or Bahadur.
> > (Legally Foundstone should have paid for each user.) The unauthorized
> > software ranged in value from $35 to $15,000 per user and included
> > everything from Acrobat to X-WinPro.
> > 
> > "They've stolen pretty much everything when it comes to software," says
> > a founding employee who asked not to be named. The company even cracked
> > Microsoft's operating system, Windows XP, says Dan Kuykendall, a former
> > Foundstone software engineer, "so you could install it on multiple
> > computers without any problems." The founding employee estimates that
> > only 5% of the software used at Foundstone was paid for. (Foundstone's
> > lawyers say that only 5% was unlicensed and that the company has spent
> > more than $1.5 million on software.) Foundstone also trained thousands
> > of corporate and government security personnel on software that it
> > duplicated in ways that avoided triggering license fees, according to
> > Kurt Weiss, a training coordinator until last year, who says it was
> > part of his job to copy software packages onto the drives of 40 laptops
> > per class.
> > 
> > The use of unlicensed software is a global problem--estimates of lost
> > revenues range up to $13 billion a year--but it's rare among companies
> > whose business is safeguarding intellectual property. "We happen not
> > to have any experience with other security-software companies' doing
> > that," says William Plante, chief investigator at Symantec, a Foundstone
> > competitor. "Especially for a software company interested in protecting
> > its own copyrighted material. If true, it's pretty unconscionable." 
> > 
> > One software package available on Foundstone's server was Teleport Pro,
> > an offline browser program made by Tennyson Maxwell Information Systems.
> > Only Bahadur had a license, says Michael Del Monte, Tennyson's top
> > developer. "That's a no-no," he says. "Companies are pretty responsible
> > about purchasing licenses for everybody who's going to be using the
> > software. You would think that as a security company, they'd be more
> > careful about that kind of thing." Another software package, UltraEdit,
> > was in Foundstone's Tools folder in violation of its one-user license,
> > the manufacturer says.
> > 
> > In some ways the Foundstone tale is a microcosm of the ugly side of the
> > dot-com craze--arrogance, greed, mismanagement, and stupidity. But those
> > are indulgences the computer-security industry can no longer afford.
> > The market for its services has gotten tougher. While large firms such
> > as IBM, EDS, and Symantec still dominate, the midsized players--including
> > Foundstone, @Stake, and Guardent--are duking it out for business. 
> > 
> > Foundstone's troubles began last October when the company brought a
> > trade-secrets case against J.D. Glaser, its former director of
> > engineering, accusing him of stealing proprietary code. Glaser had left
> > Foundstone in May to reactivate his old company, NT Objectives. After
> > ten staffers followed him, Foundstone got a temporary restraining order
> > barring Glaser from marketing his software. But a judge declined to
> > grant an injunction, saying that Foundstone had not identified the
> > trade secret and was unlikely to prevail on the merits.
> > 
> > In most industries such a dispute would have been routine. But the
> > computer-security industry prides itself on being an open-source
> > community that shares innovations. That much is clear from Kurtz and
> > McClure's bestselling book, Hacking Exposed, perhaps the most detailed
> > account ever written of how to hack--and defend--popular computer
> > networks and software.
> > 
> > Things quickly went from bad to worse. Soon after the case was filed,
> > Jason Glassberg, Foundstone's software-consulting guru and its key
> > contact with Microsoft, the company's largest client, sent an e-mail to
> > Kurtz. "This is bullshit," he wrote. "We will regret the day we became
> > a litigious company. You realize you have zero support from the rest of
> > the company on this action, don't you?"
> > 
> > Kurtz promptly fired Glassberg, who was immediately offered work by
> > Microsoft. The software giant then yanked its Foundstone business,
> > which had accounted for about a quarter of the company's revenue. More
> > staff defections followed. "Most of the people I know who work at
> > Foundstone are looking for jobs elsewhere," says Jeff Moss, who runs
> > the BlackHat computer-security conferences.
> > 
> > 
> > Despite losing its bid for an injunction against Glaser, Foundstone is
> > still pursuing the case in arbitration--a decision that sparked the
> > piracy allegations, which will now make the case even more difficult to
> > win. "How can you have a trade secret when your product was built on
> > software that didn't belong to you?" asks Glaser. Saumil Shah, a former
> > Foundstone employee and a highly regarded technical expert, says Kurtz,
> > McClure, and Bahadur were involved: "There is absolutely no denying
> > that they committed piracy. They did that knowingly and in huge
> > volume."
> > 
> > In March, Foundstone asked an arbitration judge to seal evidence of
> > software piracy presented by Glaser. The company said it would preserve
> > its records. But in early April, Kurtz called a staff meeting. "Don't
> > do anything with your software," Kurtz says he told his employees. Then
> > he made his next move clear: "If there's anything that's not in
> > compliance, we'll get it addressed. We get the license, or we delete
> > it." Foundstone lawyers say some software has since been deleted from
> > the company's servers, but maintain that anything deleted would still
> > be on backup tapes.
> > 
> > It will be harder to delete Foundstone's tarnished reputation.
> > Ex-employees are piling on, telling FORTUNE that Kurtz and McClure took
> > credit for other people's work and created an unusually harsh office
> > environment. (There are even allegations that Foundstone's Ultimate
> > Hacking classes were a ripoff of the Extreme Hacking classes its
> > founders ran at Ernst & Young in the 1990s.) In doing so, they are
> > shedding light on a bunch of executives who seem to have believed their
> > press clips--Fast Company recently named Kurtz one of its 50 champions
> > of innovation--and somehow got lost along the way.
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > 
-- 
Adam Lydick <adam.lydick@...izon.net>

