The Story: “…Invoking both the controversial 1998 Digital Millennium Copyright Act (DMCA) and computer crime laws, Hewlett Packard (HP) has threatened to sue a team of researchers who publicized a vulnerability in the company’s Tru64 Unix operating system. In a letter sent on Monday, an HP vice president warned SnoSoft, a loosely organized research collective, that its members “could be fined up to $500,000 and imprisoned for up to five years” for its role in publishing information on a bug that lets an intruder take over a Tru64 Unix system.
“HP’s dramatic warning appears to be the first time the DMCA has been invoked to stifle research related to computer security. Until now, it’s been used by copyright holders to pursue people who distribute computer programs that unlock copyrighted content such as DVDs or encrypted e-books…”
“…On July 19, a researcher at SnoSoft posted a note to SecurityFocus.com‘s popular Bugtraq mailing list with a hyperlink to a computer program letting a Tru64 user gain full administrator privileges … That public disclosure drew the ire of Kent Ferson, a vice president in HP’s Unix systems unit, who alleged in his letter on Monday that the post violated the DMCA and the Computer Fraud and Abuse Act…”
Comments: The funny thing here is that in this very News.com article I’m quoting from, CNET supplies a link to the code. All HP has done is publicized the security flaw and created a Googled hell of a mess of links to the very code they are suing over.
Furthermore, I offer this: If HP can sue a group who publish security flaw hacks, Microsoft could sue the world over! What’s next? Will Ford Motor Co. sue Mustang owners who publish how they pumped twice as many ponies from the factory small-block engine?
Pick your source for this story:
- CNET’s News.com: Security warning draws DMCA threat
- Slashdot discussion: HP Uses DMCA To Quash Vulnerability Publication
- SiliconValley.Internet.com: HP Plays Hardball With Tru64 Critic
- the Register: HP invokes DMCA to quash Tru64 bug report
- VNU Net: HP threatens Tru64 hole publisher
