[Arm-netbook] Side-Topic: Liberating PocketCHIP

Luke Kenneth Casson Leighton lkcl at lkcl.net
Mon May 8 16:38:22 BST 2017


On Mon, May 8, 2017 at 4:23 PM,  <ronwirring at safe-mail.net> wrote:

> Is it common to do something like this against a person?

 in the unethical business world?  of course it is!  mostly you don't
get to hear about it, but software libre developers are different.
they're not beholden to anyone, they're not corporate slaves, they're
not controlled and they are entitled to speak their mind.

 consequently they get attacked.  especially if some fucker deems that
their "profit" is threatened.

for example: there was some discussion back in 1999 as to whether
microsoft would ever take out a contract on my life, when i was doing
the reverse-engineering of NT domains.  consequently i decided that
the research that i was doing had best be presented responsibly to
them as "security vulnerabilities", presented PRIVATELY to them (as a
responsible security researcher does) and only later disclosing them
if they didn't fix the problems in a reasonable timeframe.

 and that's why ISS hired me.  the strategy that i deployed worked.
one microsoft employee actually called ISS up asking them to fire me.
ISS declined, pointing out that i was quite likely to get very pissed
off, and would they prefer me inside pissing out or outside pissing
in?  they're absolutely right: i would have worked really really hard
to release one devastating public zero-day security vulnerability -
with full exploit code - every few days for several months, if they'd
fucked with me.

 luc verhaegen unfortunately did not deploy this type of strategy
(muddying the P.R. waters by leveraging the "responsible security
disclosure" track).  if he had, then he could reasonably claim that
ARM (and other unethical companies) are being highly irresponsible in
trying to attack him.  the technology and security press would
absolutely go to town on them (as we know has been done in the past
when other independent security researchers get attacked).

 l.



More information about the arm-netbook mailing list