From: xlopkov at eml.cc (xlopkov@....cc)
Subject: The Two Faces of Foundstone

> Outlook folder called Tools, available to everyone on staff. Employees
> say they were told to download whatever programs they needed by using
> license keys registered only to McClure or Bahadur. (Legally Foundstone
> should have paid for each user.) The unauthorized software ranged in
> value from $35 to $15,000 per user and included everything from Acrobat
> to X-WinPro.

An off-topic question: $15k for one user license? Can anyone give me an
example of something?
I'm just curious.
Thanks.

On Tue, 10 Jun 2003 07:23:34 -0700, dhtml@...h.com said:
> 
> http://www.fortune.com/fortune/technology/articles/0,15114,457276,00.html
> 
> COMPUTER SECURITY
> The Two Faces of Foundstone
> A leading computer-security company is accused of software piracy.
> FORTUNE
> Monday, June 9, 2003 
> By Richard Behar 
> 
> 
> George Kurtz may be his own worst enemy. In just four years Kurtz, CEO
> of Foundstone, and Stuart McClure, its president, created one of the
> best-known U.S. computer-security companies by exposing the vulnerabilities
> of software firms. Thousands of FORTUNE 500 executives and government
> officials--from the FBI and the National Security Agency to the Army,
> the Federal Reserve, and even the White House--have taken Foundstone's
> Ultimate Hacking courses, at up to $4,000 per person. Motorola and Bank
> of America have shelled out more than $300,000 each for Foundstone products,
> and the company recently installed software to protect the FAA.
> 
> But it doesn't take the skills of a hacker to see that Foundstone, a
> privately owned $20-million-a-year company in Mission Viejo, Calif.,
> is in trouble. It has been accused of widespread software piracy by a
> leading industry trade group, FORTUNE has learned--charges corroborated
> by current and former Foundstone employees and by computer printouts
> obtained by the magazine. 
> 
> The trade group, the Software & Information Industry Association, informed
> Kurtz by letter in May that it intended to pursue copyright-infringement
> charges against Foundstone. It acted after a confidential source alleged
> that McClure and Gary Bahadur, Foundstone's chief information officer,
> routinely spread unlicensed software to the company's 125-member workforce;
> that Kurtz was aware of that practice; and that in early April the CEO
> ordered his staff to delete unlicensed software from their computers.
> "They're gambling with their reputation," says Keith Kupferschmid, head
> of the association's antipiracy unit, which investigated and found the
> allegations credible. "That's not a smart thing to do."
> 
> Kurtz vehemently denies the company engaged in piracy. "We have strict
> policies against piracy," he says. "We take intellectual property very
> seriously, given that we are a software company." He adds that Foundstone
> conducted an internal audit in April, "and we're in compliance." 
> 
> The evidence suggests otherwise. For years, according to former employees,
> top executives at Foundstone dumped a seemingly endless supply of the
> latest software onto a company server called Zeus and into a Microsoft
> Outlook folder called Tools, available to everyone on staff. Employees
> say they were told to download whatever programs they needed by using
> license keys registered only to McClure or Bahadur. (Legally Foundstone
> should have paid for each user.) The unauthorized software ranged in
> value from $35 to $15,000 per user and included everything from Acrobat
> to X-WinPro.
> 
> "They've stolen pretty much everything when it comes to software," says
> a founding employee who asked not to be named. The company even cracked
> Microsoft's operating system, Windows XP, says Dan Kuykendall, a former
> Foundstone software engineer, "so you could install it on multiple computers
> without any problems." The founding employee estimates that only 5% of
> the software used at Foundstone was paid for. (Foundstone's lawyers say
> that only 5% was unlicensed and that the company has spent more than
> $1.5 million on software.) Foundstone also trained thousands of corporate
> and government security personnel on software that it duplicated in ways
> that avoided triggering license fees, according to Kurt Weiss, a training
> coordinator until last year, who says it was part of his job to copy
> software packages onto the drives of 40 laptops per class.
> 
> The use of unlicensed software is a global problem--estimates of lost
> revenues range up to $13 billion a year--but it's rare among companies
> whose business is safeguarding intellectual property. "We happen not
> to have any experience with other security-software companies' doing
> that," says William Plante, chief investigator at Symantec, a Foundstone
> competitor. "Especially for a software company interested in protecting
> its own copyrighted material. If true, it's pretty unconscionable." 
> 
> One software package available on Foundstone's server was Teleport Pro,
> an offline browser program made by Tennyson Maxwell Information Systems.
> Only Bahadur had a license, says Michael Del Monte, Tennyson's top developer.
> "That's a no-no," he says. "Companies are pretty responsible about purchasing
> licenses for everybody who's going to be using the software. You would
> think that as a security company, they'd be more careful about that kind
> of thing." Another software package, UltraEdit, was in Foundstone's Tools
> folder in violation of its one-user license, the manufacturer says.
> 
> In some ways the Foundstone tale is a microcosm of the ugly side of the
> dot-com craze--arrogance, greed, mismanagement, and stupidity. But those
> are indulgences the computer-security industry can no longer afford.
> The market for its services has gotten tougher. While large firms such
> as IBM, EDS, and Symantec still dominate, the midsized players--including
> Foundstone, @Stake, and Guardent--are duking it out for business. 
> 
> Foundstone's troubles began last October when the company brought a
> trade-secrets case against J.D. Glaser, its former director of engineering,
> accusing him of stealing proprietary code. Glaser had left Foundstone
> in May to reactivate his old company, NT Objectives. After ten staffers
> followed him, Foundstone got a temporary restraining order barring Glaser
> from marketing his software. But a judge declined to grant an injunction,
> saying that Foundstone had not identified the trade secret and was unlikely
> to prevail on the merits.
> 
> In most industries such a dispute would have been routine. But the
> computer-security industry prides itself on being an open-source community
> that shares innovations. That much is clear from Kurtz and McClure's
> bestselling book, Hacking Exposed, perhaps the most detailed account ever
> written of how to hack--and defend--popular computer networks and software.
> 
> Things quickly went from bad to worse. Soon after the case was filed,
> Jason Glassberg, Foundstone's software-consulting guru and its key contact
> with Microsoft, the company's largest client, sent an e-mail to Kurtz.
> "This is bullshit," he wrote. "We will regret the day we became a litigious
> company. You realize you have zero support from the rest of the company
> on this action, don't you?"
> 
> Kurtz promptly fired Glassberg, who was immediately offered work by Microsoft.
> The software giant then yanked its Foundstone business, which had accounted
> for about a quarter of the company's revenue. More staff defections followed.
> "Most of the people I know who work at Foundstone are looking for jobs
> elsewhere," says Jeff Moss, who runs the BlackHat computer-security
> conferences.
> 
> Despite losing its bid for an injunction against Glaser, Foundstone is
> still pursuing the case in arbitration--a decision that sparked the piracy
> allegations, which will now make the case even more difficult to win.
> "How can you have a trade secret when your product was built on software
> that didn't belong to you?" asks Glaser. Saumil Shah, a former Foundstone
> employee and a highly regarded technical expert, says Kurtz, McClure,
> and Bahadur were involved: "There is absolutely no denying that they
> committed piracy. They did that knowingly and in huge volume."
> 
> In March, Foundstone asked an arbitration judge to seal evidence of software
> piracy presented by Glaser. The company said it would preserve its records.
> But in early April, Kurtz called a staff meeting. "Don't do anything
> with your software," Kurtz says he told his employees. Then he made his
> next move clear: "If there's anything that's not in compliance, we'll
> get it addressed. We get the license, or we delete it." Foundstone lawyers
> say some software has since been deleted from the company's servers,
> but maintain that anything deleted would still be on backup tapes.
> 
> It will be harder to delete Foundstone's tarnished reputation. Ex-employees
> are piling on, telling FORTUNE that Kurtz and McClure took credit for
> other people's work and created an unusually harsh office environment.
> (There are even allegations that Foundstone's Ultimate Hacking classes
> were a ripoff of the Extreme Hacking classes its founders ran at Ernst
> & Young in the 1990s.) In doing so, they are shedding light on a bunch
> of executives who seem to have believed their press clips--Fast Company
> recently named Kurtz one of its 50 champions of innovation--and somehow
> got lost along the way.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html