[attrition] Legal goons threaten researcher for reporting security bug
security curmudgeon
jericho at attrition.org
Fri Apr 29 20:56:31 CDT 2011
This and other incidents like it are covered at:
http://attrition.org/errata/legal_threats/
---------- Forwarded message ----------
From: Richard Forno <rforno at infowarrior.org>
Legal goons threaten researcher for reporting security bug
When vuln disclosures are outlawed...
By Dan Goodin in San Francisco ? Get more from this author
Posted in Security, 29th April 2011 23:12 GMT
http://www.theregister.co.uk/2011/04/29/security_researcher_threatened/
A German software company has threatened legal action against a security
researcher who privately reported a critical vulnerability in one of its
programs, Dark Reading reports.
Legal goons from Magix AG sent a nasty gram to a researcher who goes by
?Acidgen? after he reported the stack buffer overflow in the company's
Music Maker 16. According to the report, Acidgen alerted Magix
representatives to the bug in several emails that also included
proof-of-concept code that forced the Windows calculator to open,
indicating the flaw could be exploited to execute malicious code on a
victim's computer.
Acidgen also provided suggestions for fixing the flaw, Dark Reading said.
He also told the representatives he planned to disclose vulnerability
details publicly once a patch was released.
[..]
More information about the attrition
mailing list