V440 SA had reportedly filed criminal complaints against not only Zielinksi's blog but also against Niebezpiecznik and Zaufana Trzecia Strona, two other Polish IT security blogs, claiming that the three were working as part of an "organized criminal group."
Since the company is filing a criminal complaint, then it's an admission from the company that the product did have a security flaw.
Otherwise, they'd only be suing for defamation and libel.
Depends on the legal system, definition and method of persecution of libel and defamation. It differs from country to country.
USA and UK tried to make the rest of the world switch to their model where defamation and libel are purely civil matter. While there was a movement in the late 90es and 2000s, that has been rolled back now in most countries. Defamation and libel in a lot of countries have been re-criminalized. The laws have been amended for the Internet age as well. Not sure where Poland stands on
So a small basically unknown company, appears to have utilized all manner of intimidation tactics, to include accusations of criminal activity, against a group of IT professionals who were merely trying to strengthen a product by identifying a vulnerability and discussing it.
If that is what a small basically unknown company is capable of doing to basically avoid embarrassment, can you imagine what a mega-corp with political power is capable of? Downright scary when you think about it.
Tip for the kids; Don't piss off Too Big To Fail, because they'll prove it. On you.
This is one of the things I've always seen as a huge problem with certain countries (of which I don't know that Poland is among) where it is actually codified in law that pointing out a security problem really is a criminal act.
Your concern/fear of mega-corps isn't misplaced, but at least most of them are operating in countries where not only is publishing security flaws not a crime, but is codified in law as explicitly legal.
It's bad enough when a mega-corp tries dragging you through court to argue your le
Yet they did have advance notice before the findings were published. Whey did they not do the quick fix only after the article went live instead of moving fast as soon as they were made aware of the vulnerability?
I don't know Polish law but I hope they have a law that allows suing the company for a frivolous lawsuit so they can not only get some court award, but also recoup their legal exopenses.
It also seems a bit ludicrous that they'd sue when it was their fault the vulnerability needed to be disclose
Whistleblowers are always punished and blacklisted. It's a great way to ruin your life. The appropriate response is exposure by anonymously dumping info where it will be exploited so the damage will coerce corrective response.
When you find someone doing evil, attack them without revealing yourself for punishment or you will accomplish nothing. It would have been better to make fools of the perps anonymously than play against them in a legal system they own.
The publicity can also help gather other business. Kevin Mitnick, one of the most notorious criminal hackers, is in business again as a security consultant. And Tsutomo Shimomura, who tracked him down and exposed the gross incompetence of the FBI in employing, shielding, and then losing track of Mr. Mitnick also gained notoriety and business precisely for tracking down Mr. Mitnick despite the FBI's blundering incompetence in the search.
Whistleblowing is also vital for news organizations, who rely on exposes
Ungrateful twits. They had a top class FREE PEN test and in-depth (free analysis). Instead of tossing $10,000 or more their way as a thanks they get PR to intimitate - even though they had advance notice. Knowingly not fixing defective product/code SHOULD be a crime, especially when holding on to false representations that it is secure.
Hasn't V440 SA heard of the Streisand effect? What a great way to generate a tonne of negative publicity, making the public doubt the competence of a company that provides security & privacy focused services.
Lesson Learned (Score:5, Insightful)
Next time just sell the "Security Issue" to "hackers" instead of the whole bother of reporting the issue.
Re:Lesson Learned (Score:5, Insightful)
V440 SA had reportedly filed criminal complaints against not only Zielinksi's blog but also against Niebezpiecznik and Zaufana Trzecia Strona, two other Polish IT security blogs, claiming that the three were working as part of an "organized criminal group."
Since the company is filing a criminal complaint, then it's an admission from the company that the product did have a security flaw.
Otherwise, they'd only be suing for defamation and libel.
Re: (Score:3)
USA and UK tried to make the rest of the world switch to their model where defamation and libel are purely civil matter. While there was a movement in the late 90es and 2000s, that has been rolled back now in most countries. Defamation and libel in a lot of countries have been re-criminalized. The laws have been amended for the Internet age as well. Not sure where Poland stands on
Re: (Score:2)
That's about as much a "lesson" as saying one should smash windows and grab stuff due to high prices. Yeah, that'll teach them.
Re: Lesson Learned (Score:2)
It's more like jiggling the door to find it unlocked, then passing that info to thieves.
Re: Lesson Learned (Score:1)
Corporate Arrogance, Amplified. (Score:5, Insightful)
So a small basically unknown company, appears to have utilized all manner of intimidation tactics, to include accusations of criminal activity, against a group of IT professionals who were merely trying to strengthen a product by identifying a vulnerability and discussing it.
If that is what a small basically unknown company is capable of doing to basically avoid embarrassment, can you imagine what a mega-corp with political power is capable of? Downright scary when you think about it.
Tip for the kids; Don't piss off Too Big To Fail, because they'll prove it. On you.
Re: (Score:3, Interesting)
This is one of the things I've always seen as a huge problem with certain countries (of which I don't know that Poland is among) where it is actually codified in law that pointing out a security problem really is a criminal act.
Your concern/fear of mega-corps isn't misplaced, but at least most of them are operating in countries where not only is publishing security flaws not a crime, but is codified in law as explicitly legal.
It's bad enough when a mega-corp tries dragging you through court to argue your le
Re: (Score:1)
Don't just put companies in that category. Gov't is the most too big to fail there is and they've proven a willingness to go further.
Re: (Score:1)
Re: (Score:2)
This is not a corporate problem. This is a condemnation of fundamental human nature. Humanity needs a massive set of bug fixes.
Re: Corporate Arrogance, Amplified. (Score:1)
All whistleblowing should be done anonymously. (Score:2, Troll)
Whistleblowers are always punished and blacklisted. It's a great way to ruin your life. The appropriate response is exposure by anonymously dumping info where it will be exploited so the damage will coerce corrective response.
When you find someone doing evil, attack them without revealing yourself for punishment or you will accomplish nothing. It would have been better to make fools of the perps anonymously than play against them in a legal system they own.
Re: (Score:3)
Re: (Score:2)
The publicity can also help gather other business. Kevin Mitnick, one of the most notorious criminal hackers, is in business again as a security consultant. And Tsutomo Shimomura, who tracked him down and exposed the gross incompetence of the FBI in employing, shielding, and then losing track of Mr. Mitnick also gained notoriety and business precisely for tracking down Mr. Mitnick despite the FBI's blundering incompetence in the search.
Whistleblowing is also vital for news organizations, who rely on exposes
Wow! (Score:5, Insightful)
Not only is UserCrypt not secure, but the company lashes out at and sues anyone who points this out! I better not use it!
Re: (Score:2)
Not only is UserCrypt not secure, but the company lashes out at and sues anyone who points this out! I better not use it!
Look at the bright side. We got a colorful name out of this move. I call it the Reverse Streisand.
(Vendor) "Our product is NOT insecure! How DARE you say it is! I'll SUE your ass!!"
* Future user base standing outside the proverbial product door, collectively vows to never open it *
Re: (Score:2)
A reverse streisand would be where you do everything in your power to publicize something but nobody gives a shit about it.
Re: (Score:3)
SJW tactics. (Score:2, Insightful)
The best bullying is to accuse others of bullying.
Any comment from Barbra Streisand so far? (Score:2)
Streisand effect? (Score:3)