The sad consequences of full disclosure

I checked with Sid why he hasn’t been answering my emails and learned that his ISP beThere disconnected him after he warned them about a trivial-to-exploit backdoor on all their customers’ routers.
The disturbing thing about this incident is that beThere were very quick to contact us asking that we take down (or modify) the article, and apparently they were fairly quick in disconnecting Sid, but when it comes to their customers’ security they are not as diligent – the problem is obviously still there.

I thought Sid was too nice when he removed the exploit details from his post (the ‘bad’ guys can get those themselves anyway) and I think I was very correct there. On the other hand I gave beThere a compliment about how fast they reacted to this incident and I was very wrong there – it seems their concern was solely about the bad PR.

Let me change my previous comment to this: If I were a beThere customer I’d be concerned about the fact there’s a gaping backdoor on my router and all my ISP is doing is to threaten and disconnect a CS student for making this fact public.

  • Bappy

    That’s pants. I “know” Sid from the forums and he’s a decent guy, he will have done this for the right reasons, but the ISP will have seen this as greyhat work, which they won’t like.

    I certainly wouldn’t touch said ISP with a very large pole.

  • http://criticalsecurity.net Corin

    Indeed – I know Sid mostly online, but also in real life now and then too, and it’s shitty that he’s punished for trying to help an ISP. The lesson – don’t use be-there ;(

  • Br0kenKeychain

    It’s absolutely ridiculous. People with that kind of attitude shouldn’t be in the ISP business. In fact, they shouldn’t be in business at all.

  • littlegreenguy

    I was just about to buy bethere broadband. Pity, I’d always heard good things about them.

    Bethere are, instead of fixing a security problem to which they have been alerted and had a fix provided by the community, choosing to ignore the needs of their customers. Shows where their concerns lie really I guess.