Security Information Vulnerability Research Security Blog

Follow up to my post about my ex-ISP’s backdoor

April 17th, 2007 by Sid, Filed under: Commentary, Privacy, Full Disclosure, Law, Culture, Corporate Security

It’s been roughly two months since Accidental backdoor by ISP. Dan Goodin has written this whole thing nicely for everyone to read.
ISP ejects whistle-blowing student
Don’t forget to digg it :p

DiggRedditSlashdotTwitThisSphinnStumbleUpondel.icio.usFacebookGoogleTechnoratiE-mail this story to a friend!

-

Is your site safe from XSS Attacks? Sign up for Automated Vulnerability Detection Service today!

6 Comments:

  1. KaiRoer, on April 18th, 2007 at 9:03 am Said:

    Hi Sid,
    Congrats on The Register.
    I fully agree with full disclosure, but also following the governing rules of the security industry. However, that is a different discussion :)
    As to the case - the reactions of the ISP is only too common. They get pissed off, and starts shooting the messenger because they know not what to do. I have given them, and others, some tips on how to react to similar events in the future on my blog.
    Keep up the good work - now that you have learned that full disclosure is a truth with limits ;)
    Kai

  2. xyberpix, on April 18th, 2007 at 3:36 pm Said:

    Digg link for this one, please digg this up people.

    http://www.digg.com/security/ISP_threatens_legal_act_and_cuts_off_service_to_whistle_blowing_student

  3. Dan Harris, on April 18th, 2007 at 7:02 pm Said:

    Sid as I posted on the original blog - If you need any support in terms of proof - I have a copy of an email sent on the 16th March 2006 to Brett Coles @ Be pointing this backdoor out to them.

    The statement Dana Pressman made last night on their official forum looks distinctly libellous to me.

  4. Sid, on April 18th, 2007 at 7:14 pm Said:

    Dan Harris. if it comes to that I’ll be sure to contact you. You beat me by 11 months, damn. Oh well.

    Out of curiosity, what was their reply a year ago?

    It may very well be libellous, but personally I don’t care too much.

  5. Dan Harris, on April 18th, 2007 at 10:00 pm Said:

    Sid - I got two reply’s from Brett … both completely missed the point! I will admit that in my email to him I didn’t explain the consequences that thoroughly, but is that my job as a customer?

    The first reply confirmed that he passed it to Shyam (their head of tech), the second contained this gem :

    “I have asked Shyam to reply to this email direct to me so I can give more info on this topic, however this information is between us at this point and no official response will be sent until Tuesday (as I am traveling back to UK at this point)”

    Needless to say I never heard another thing on the matter. That email was dated 17/3/06

    Dan

  6. Sid, on April 18th, 2007 at 10:13 pm Said:

    Thanks for that Dan, it’s nice to know.

Leave a Comment

Security RSS Subscribe


Vulnerability Scanner