Remember Impero, the school software biz that went ape over a vuln? Someone’s got revenge
From the revenge-is-a-dish-best-served-however dept.
Iain Thomson reports:
A few weeks ago, Impero hit the headlines when it threatened to sue someone called Slipstream, who had published details of a security flaw with the firm’s software. Impero produces an application that allows network administrators in schools to remotely manage devices and networks, and the flaw would have allowed someone with local access (such as a pupil) to run malicious code on any PC.
Slipstream was threatened with copyright infringement for publishing the software’s hardcoded AES key and IV; breach of contract; and breach of confidentiality. But the threats fizzled out after Slip took down details of the vulnerability.
Impero’s attitude ruffled a lot of feathers in the UK security community, and seems to have particularly irritated Leeming. So he printed out 9,001 copies of an exploit for Impero’s security holes, and delivered them to the company, as well as sending them a copy on a floppy disc (although who has a floppy drive these days?)
Read more on The Register.