[Arm-netbook] Side-Topic: Liberating PocketCHIP
David Niklas
doark at mail.com
Mon May 29 22:48:06 BST 2017
On Mon, 8 May 2017 16:38:22 +0100
Luke Kenneth Casson Leighton <lkcl at lkcl.net> wrote:
> On Mon, May 8, 2017 at 4:23 PM, <ronwirring at safe-mail.net> wrote:
>
> > Is it common to do something like this against a person?
>
> in the unethical business world? of course it is! mostly you don't
> get to hear about it, but software libre developers are different.
> they're not beholden to anyone, they're not corporate slaves, they're
> not controlled and they are entitled to speak their mind.
>
> consequently they get attacked. especially if some fucker deems that
> their "profit" is threatened.
>
> for example: there was some discussion back in 1999 as to whether
> microsoft would ever take out a contract on my life, when i was doing
> the reverse-engineering of NT domains. consequently i decided that
> the research that i was doing had best be presented responsibly to
> them as "security vulnerabilities", presented PRIVATELY to them (as a
> responsible security researcher does) and only later disclosing them
> if they didn't fix the problems in a reasonable timeframe.
>
> and that's why ISS hired me. the strategy that i deployed worked.
> one microsoft employee actually called ISS up asking them to fire me.
> ISS declined, pointing out that i was quite likely to get very pissed
> off, and would they prefer me inside pissing out or outside pissing
> in? they're absolutely right: i would have worked really really hard
> to release one devastating public zero-day security vulnerability -
> with full exploit code - every few days for several months, if they'd
> fucked with me.
<snip>
I am just a tad confused.
1. You started a reverse engineering project on NT domains.
2. You presented your success to MS as a security problem.
3. You were hired.
4. Someone in MS complained.
So, the FLOSS folks never saw your work anyway?
Thanks,
David
More information about the arm-netbook
mailing list