Re: UK ISP threatens security researcher

[Stephen Wilcox <steve () telecomplete co uk>]

On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote:
> On Thu, 19 Apr 2007, Will Hargrave wrote:
> > Gadi Evron wrote:
> >
> > > "A 21-year-old college student in London had his internet service
> > > terminated and was threatened with legal action after publishing details
> > > of a critical vulnerability that can compromise the security of the ISP's
> > > subscribers."
> > >
> > > I happen to know the guy, and I am saddened by this.
> >
> > In his blog post [1] he did admit to accessing other routers of Be's customers
> > using the backdoor password; this is probably [2] a criminal offence in the UK.
> >
> > I'm not sure I have as much sympathy for him as you do.
>
> The guy basically looked at his own modem, which is what this was all
> about. The rest of what he may have done is indeed up to your judgement.
>
> I am generally worried about the trend that is emerging of reporting
> security issues resulting in legal threats.

well in this case i dont know the nature of the threat but asking the guy to hold back the passwords seems reasonable

what other examples are there as you suggest a trend in hushing security vulns?

Steve