Date: Wed, 18 Apr 2007 10:21:59 -0400
From: "Matt Richard" <matt.richard@...il.com>
To: "Dr. Neal Krawetz, PhD" <neal.krawetz@....hush.com>
Cc: full-disclosure@...ts.grok.org.uk, ge@...uxbox.org
Subject: Re: UK ISP threatens security researcher

On 4/18/07, Dr. Neal Krawetz, PhD <neal.krawetz@....hush.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Let's keep in mind that publishing most security information
> borders extortion.  There isn't any other industry where fat nerds
> try to strongarm large corporations into admitting there are
> weaknesses in their products, defaming them publicly, causing their
> stock prices to fall, or otherwise damaging their public image and
> thus causing financial damage, et cetera.
>

Obviously this news hasn't trickled down to investigative journalists
yet.  Does anybody know of a mailing list where fat journalism majors
hang out so this can be cross-posted?  This could save a lot of time.

In the "real world" there are a number of socially responsible
incidents where corporations were strong armed into admitting
weaknesses in products which resulted in serious financial harm.

For example during the late 1970's and early/mid 1980's investigative
television shows exposed weaknesses in a number of automobile
platforms.  These exposes were very harmful to the image and financial
well being of the attacked automakers.  I think there are very few
that would argue that this was bad for consumers.  This was also good
publicity whoring (ratings) for the television networks that aired
them.

Consumers, including the subset that buys software, have the right to
receive a product that does not unreasonably place them at risk of
serious danger.  If the corporation producing the product does so in a
negligent or dangerous manner and refuses to fix or recall the problem
then some strong arming is in order.

> When was the last time an auto manufacturer was humiliated publicly
> because their car windows can easily be broken and contents of the
> car stolen?  When have chain manufacturers been chastised by the
> mass media for the existence of bolt cutters?  What about the
> serious threat of hacksaws?

I think the key is that the threat must pose serious risk of damage
due to a design flaw rather than a consequence of its usage.  And as
pointed out above, auto manufacturers are humiliated when they fail to
properly design and test their products.

I'm not sure how all of this relates to the view of the "Dr." that
all Jews hate Arabs, the original post or Gadi needing to be treated
like a criminal.  Either way the "Dr." has some good public whoring
going on with his thoughtful and academic troll posts.

Regards,

Matt
