x404.co.uk
http://www.x404.co.uk/forum/

Researcher threatened for reporting security bug
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=13524

Author:  rustybucket [ Sun May 01, 2011 2:15 pm ]
Post subject:  Researcher threatened for reporting security bug

From El Reg...

Quote:
A German software company has threatened legal action against a security researcher who privately reported a critical vulnerability in one of its programs, Dark Reading reports.

Oh that's some right proper genius there and no mistake...

:roll:

Author:  Amnesia10 [ Mon May 02, 2011 12:03 am ]
Post subject:  Re: Researcher threatened for reporting security bug

Well this has proved to be a disaster for them. I doubt that the software has been patched so they will now have a race to patch it before it is exploited and they have to apologise to users. They were warned about a problem and overreacted.

Author:  forquare1 [ Mon May 02, 2011 5:52 am ]
Post subject:  Re: Researcher threatened for reporting security bug

Quote:
As you maybe [sic] aware it is illegal to release software which is intended to commit computer sabotage (e.g. Sec. 202C I No. 2 German Criminal Law). In addition this announcement together with your offering to have the vulnerability fixed by your company may be considered as an attempted extortion.


Does this mean that MAGIX could be prosecuted for having the bug? Could it mean that they will be prosecuted if they don't fix the bug?

Author:  Amnesia10 [ Mon May 02, 2011 9:56 am ]
Post subject:  Re: Researcher threatened for reporting security bug

forquare1 wrote:
Quote:
As you maybe [sic] aware it is illegal to release software which is intended to commit computer sabotage (e.g. Sec. 202C I No. 2 German Criminal Law). In addition this announcement together with your offering to have the vulnerability fixed by your company may be considered as an attempted extortion.


Does this mean that MAGIX could be prosecuted for having the bug? Could it mean that they will be prosecuted if they don't fix the bug?

The offering to fix it for a fee is making a quote. He knew exactly what the problem was and so could know exactly what would fix it. They will have to divert programmers to find and fix the problem. That will cost them money.

All times are UTC