Re: [Full-disclosure] This crap needs to stop

From: Eliah Kagan (degeneracypressure_at_gmail.com)
Date: 11/29/05

    Date: Mon, 28 Nov 2005 19:12:55 -0500
    To: full-disclosure@lists.grok.org.uk
    
    

    Paul Schmehl wrote:
    > Well, that's not what I said, but doesn't a company have a responsibility
    > to virus-check any software they ship *before* they ship it? It's not like
    > this is something so new that a normal check wouldn't have found it.
    >
    > And isn't the *effect* on the end user the same? Yes, the motivation was
    > perhaps different, but how does that matter to the customer whose computer
    > is now trojaned? Does "we didn't mean to do it" excuse them?

    > doesn't a company have a responsibility
    > to virus-check any software they ship *before* they ship it?

    Yes. I hope I didn't imply otherwise, or that it's OK to sell hard
    drives that are infected by trojans.

    > And isn't the *effect* on the end user the same?

    No. Sony is making war against its customers. They apologized
    primarily because their spying technique caused harm to the day-to-day
    operation of their customers' computers--you can see that in their
    official statements. They are only sorry because their spying
    technique was not effective enough.

    I-O Data recalled the hard drives immediately--compare this to Sony's
    reaction. (If you want to remove the rootkit, you have to give Sony
    your personal information. Sony has yet to release an official removal
    tool similar to Sophos's--that you can download anonymously.)

    There is backlash against Sony right now, but it's not clear that that
    will continue. For quite some time large corporations have been
    intruding on the rights of users to control what their own computers
    are doing. That's fundamentally what spyware is about, and that's why
    Steve Gibson (GRC.com) has been so successful with his trademarked
    phrase, "IT'S MY COMPUTER!" Many people think DRM and other things
    designed to stop people from controlling the operation of their
    computers are OK.

    For quite some time, large (and small) corporations have been
    intruding on the rights of their customers to keep their personal
    information private. This is what spyware is about, secondarily. Sony
    got burned because they did this in a politically gauche way. It's not
    as if we're not going to see this again. When we do see it again, I
    think it's important that we differentiate it from really embarrassing
    mistakes, like the one made by people at I-O Data, or we're not going
    to be able to fight it effectively.

    The effect to end users of an act carried out in maliciousness as part
    of a targeted, coordinated effort to violate their privacy and prevent
    them from controlling the behavior of their own computers is worse
    than an isolated error that is quickly addressed.

    -Eliah
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

