On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote:
On Thu, 19 Apr 2007, Will Hargrave wrote:
Gadi Evron wrote:
"A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers."
I happen to know the guy, and I am saddened by this.
In his blog post [1] he did admit to accessing other routers of Be's customers using the backdoor password; this is probably [2] a criminal offence in the UK.
I'm not sure I have as much sympathy for him as you do.
The guy basically looked at his own modem, which is what this was all about. The rest of what he may have done is indeed up to your judgement.
I am generally worried about the trend that is emerging of reporting security issues resulting in legal threats.
well in this case i dont know the nature of the threat but asking the guy to hold back the passwords seems reasonable what other examples are there as you suggest a trend in hushing security vulns? Steve