-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Riad S. Wahby hath spake thusly:
> Two weeks later, a story breaks in the national news that a psychopath
> has taken it upon himself to rear-end all Ford cars on rainy moonlit
> nights. So far, five people have died.
>
> Who is responsible, Ford or Consumer Reports? Do you think Ford could
> successfully prosecute a lawsuit against Consumer Reports?

How about the psychopath? Certainly Ford's negligence contributes, in that it allows the opportunity for the psychopath's mission... But, as I think often happens in security circles, people are often wont to overlook the responsibility of the misguided, perhaps unknown individual who is actually committing these acts, in favor of the obvious easy target with deep pockets.

People who commit computer crime should be tracked down and punished according to the severity of their crime. OTOH, recent trends here in the United States suggest that legislatures are passing, and judicial systems all too quick to make use of very stiff penalties for crimes which often amount to trespassing or vandalism. Today's political climate seems to be becoming one where it's not unlikely that someone will be sentenced to life in prison for actions which largely amount to throwing a rock through someone's window -- a crime whose penalty would itself likely amount to some official court person admonishing the convicted to "don't do that again."

Software vendors seem quite happy with this development. It points the blame at someone besides themselves, and relieves them again of their duty to write good software that doesn't break when you sneeze in its general direction. The possible case of HP v. SnoSoft highlights this issue. Evidently writing good software is too hard or too costly for many vendors, so they'd rather just prosecute people who make them look bad.
It's cheaper, and it cuts down on the number of people willing to do the kind of research and publish the results that make the Bugtraq mailing list worth reading.

Despite all the work that has been done by the security community, full disclosure seems only to have angered the software giants into using their financial resources NOT to actually fix the problems with their software, as a responsible corporate citizen would do, but instead to keep people like you from exposing them and complaining about them publicly, essentially making it illegal to do so. And through their most generous campaign donations, they have bought the support of the legislature for such atrocities as the DMCA and other similar legislation, which effectively squash your 1st Amendment right to free speech.

We have wonderful agencies like the EFF and others, who take on the challenges of combating these offensive laws and their misuses, but they appear to be fighting a losing battle. We vote in public elections, and nothing happens.

So I ask the Bugtraq community, what aren't we doing, that we can do to keep the corporate giants from squashing our voices, and put technology back in the hands of the people, where it belongs?

- --
Derek Martin               ddm@pizzashack.org
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9SGAidjdlQoHP510RAur7AJ9lMgLl1chF4uXQ5c9fOSsbuescBQCfUH6P
8jWfj3hjxE3UiIRWW2WQeA8=
=r89C
-----END PGP SIGNATURE-----