November 14, 2003, 02:20
|
#1
|
Deity
Local Time: 20:27
Local Date: November 2, 2010
Join Date: May 1999
Location: The City State of Noosphere, CPA special envoy
Posts: 14,606
|
Gamespy's suit
The news article here detailed Gamespy's attempt to silence a security researcher with dirty legal tactics. This is nothing new, Adobe and other companies did the same thing before.
This is a very bad move on their part as this is only a move employed by companies who do not want to address the real issues, namely the lack of security in their software.
The way that DMCA can and has been used this way goes to show that it is a stupid law that needs to be repealed.
__________________
(\__/) 07/07/1937 - Never forget
(='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
(")_(") "Starting the fire from within."
|
|
|
|
November 14, 2003, 02:24
|
#2
|
King
Local Time: 12:27
Local Date: November 2, 2010
Join Date: Oct 2002
Location: Birmingham, AL
Posts: 1,595
|
I subscribe to a security group he posts in. In his own words:
Quote:
|
Just today (12 Nov 2003) opening my mailbox I have found a mail of about 1
megabyte and half and fortunally for the sender I don't use filters.
The mail has been sent by the Gamespy's lawyers asking me to remove my bug
research stuff from my site.
The stuff is composed by my proof-of-concepts and advisories written to test
and explain the bugs in the Gamespy's products found and signaled to them a
lot of months ago and completely ignored by Gamespy.
All my advisories were released to the most known and pubblic security
mailing-lists in the past so everyone can see all the release dates of them
and how Gamespy manages the bugs in its products... the best example is just
a remote buffer-overflow found and signaled to Gamespy at the end of May
2003 and still existent in the actual version of the program RogerWilco.
The other incredible thing is that the lawyers have included in the list of
"stuff to remove" also a simple program that is not a proof-of-concept or an
advisory and moreover is not directly related to Gamespy... really comic...
Continuing to read the mail (a pdf file) can be found a lot of senseless
affirmations, some reported below:
- "you have committed numerous violations of state and federal law by
illegally accessing Gamespy servers and by creating, marketing, and
distributing software which circumvents the encryption mechanism that
protects access to Gamespy's servers"... are we talking about security
bugs??? what I market???
- they say my proof-of-concepts "purport to permit to circumvent the
encryption protection of Gamespy's proprietary software, including GameSpy
3D and Roger Wilco, to obtain access to computer servers owned and operated
by GameSpy, or in some cases to cause those servers to crash"... I'm very
interested about what of my proof-of-concepts "circumemvent the encryption
protection of Gamespy". The bugs I have found are in the Gamespy's products
NOT in the Gamespy's servers.
- but the most comic affirmation is "In contrast to simply advising GameSpy
of these vulnerabilities, by publishing this software to the world at large
you are clearly facilitating the intentional crashing of GameSpy's server by
others"... I have tried to contact Gamespy EVERYTIME I have found a new bug
for MULTIPLE times but they have EVER ignored my signalations or, as
happened for the first bug in RogerWilco, they have simply "feigned" to
patch the bugs so insulting me and my research (who has read my
wilco-remix-adv.txt knows all the shameful story).
So the "common time delay" to release advisories (a week or sometimes a
month from the signalation of the bug without receiving replies) was FULLY
respected in all the occasions.
The last part of the mail/pdf talks about various DMCA's violations, US's
laws and moreover "crime"!
Bug research is a crime and bug researchers are criminals, didn't you know
that?
Is really shameful to see a company spending money for useless lawyers
instead to quickly patch their incredibly bugged products and moreover to
support who do bug research... what Gamespy wants is to destroy the full
disclosure and the free information encouraging the underground scene.
I think is not good for the Gamespy's users to know that the main goal of
Gamespy is just to protect itself instead to protect its users and clients.
That's the situation...
|
|
|
|
|
November 14, 2003, 02:33
|
#3
|
Deity
Local Time: 20:27
Local Date: November 2, 2010
Join Date: May 1999
Location: The City State of Noosphere, CPA special envoy
Posts: 14,606
|
Exactly. From what I have seen of previous suits that are similar, the company just gets upset because its lack of care for its clients gets exposed to the world.
__________________
(\__/) 07/07/1937 - Never forget
(='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
(")_(") "Starting the fire from within."
|
|
|
|
November 14, 2003, 03:49
|
#4
|
King
Local Time: 15:27
Local Date: November 2, 2010
Join Date: Oct 1999
Location: Shireroth
Posts: 2,792
|
http://www.gamespydaily.com/news/fullstory.asp?id=5474 (also linked to in Apolyton's misc. section)
Trusting people, it's such a delicate issue...
|
|
|
|
November 14, 2003, 04:01
|
#5
|
Deity
Local Time: 20:27
Local Date: November 2, 2010
Join Date: May 1999
Location: The City State of Noosphere, CPA special envoy
Posts: 14,606
|
That's what they all say
__________________
(\__/) 07/07/1937 - Never forget
(='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
(")_(") "Starting the fire from within."
|
|
|
|
November 14, 2003, 04:14
|
#6
|
PolyCast Thread Necromancer
Local Time: 12:27
Local Date: November 2, 2010
Join Date: Jul 2002
Location: We are all Asher now.
Posts: 1,437
|
This begs the question. Have they fixed the bugs?
|
|
|
|
November 14, 2003, 04:16
|
#7
|
Deity
Local Time: 20:27
Local Date: November 2, 2010
Join Date: May 1999
Location: The City State of Noosphere, CPA special envoy
Posts: 14,606
|
Of course not.
__________________
(\__/) 07/07/1937 - Never forget
(='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
(")_(") "Starting the fire from within."
|
|
|
|
November 14, 2003, 07:11
|
#8
|
King
Local Time: 12:27
Local Date: November 2, 2010
Join Date: Oct 2002
Location: Birmingham, AL
Posts: 1,595
|
Some of the others in the group suggested that as paying customers they should sue Gamespy for writing shoddy products and imperilling their computers with security risks.
|
|
|
|
November 14, 2003, 07:18
|
#9
|
Emperor
Local Time: 08:27
Local Date: November 2, 2010
Join Date: Mar 1999
Location: San Antonio, TX
Posts: 4,264
|
God, that guy sounds like a whiner. Sadly for him, his opinions and fan support ain't gonna count for shiite once the lawyers get to work.
If, as gamespy states, the man lost his job because of this same situation
Quote:
|
When we were first contacted, this person was associated with a small software security company. They asked if GameSpy wanted to pay a "consulting fee" to fix the hacks. However, these were not bugs; it was information about how our products work. When we brought this to the software security company's attention, they disavowed their relationship with that person and removed him from their servers.
|
and he still persisted with his efforts, then the onus is on him. He was duly warned (by both Gamespy and his former employer) and, apparently, ignored the warnings.
|
|
|
|
November 14, 2003, 11:45
|
#10
|
Deity
Local Time: 20:27
Local Date: November 2, 2010
Join Date: May 1999
Location: The City State of Noosphere, CPA special envoy
Posts: 14,606
|
Harry,
Yes, they should
John,
For those of us who know how the computer security industry works, it appears that Gamespy is in the wrong. A lot of software companies, including MS, somehow are disinterested in patching security holes.
__________________
(\__/) 07/07/1937 - Never forget
(='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
(")_(") "Starting the fire from within."
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is On
|
|
|
All times are GMT -4. The time now is 08:27.
|
|