[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Copyright Misuse Doctrine in Apple v. Psystar

From: amicus_curious
Subject: Re: Copyright Misuse Doctrine in Apple v. Psystar
Date: Mon, 23 Feb 2009 09:39:59 -0500

"Mart van de Wege" <> wrote in message 86ocwtbse3.fsf@gareth.avalon.lan">news:86ocwtbse3.fsf@gareth.avalon.lan...
"amicus_curious" <> writes:

"Mart van de Wege" <> wrote in message
"amicus_curious" <> writes:

"Mart van de Wege" <> wrote in message
"amicus_curious" <> writes:

"David Kastrup" <> wrote in message
"amicus_curious" <> writes:

If it fails early, it gets returned to the store or to the
manufacturer for credit.

If your whole computing centre gets compromised because a packet
could be inserted into the router, return to the store is your least
problem.  Being able to determine possible scope of a security
breach is
certainly important.

You create a whole lot of hypothetical situations, but people buy
these things at Sam's Club for $35 and they work just fine.  What
compromise has there ever been that allowed someone to put a "packet
logger" into the firmware of such a thing?  Who would bother?

Spammers who like to build botnets out of domestic PCs for example.

Do you know of any instance where the botnet was built by compromising
the user's router firmware?  That is pretty farfetched.

Yes, and executable e-mails were once considered to be 'purely

I'm sorry, but threat evaluation is just a *tad* more than 'is this
being exploited yet?'

I don't think that you are sorry in the least.  Do you suggest that
this theory will first find its way into someone lusting to robotize
some kid's PC?

I suggest this is possible, yes.

Well what is your thought on its being at all probable?

Even so how likely is it that the target of this exploit is savvy
enough to have combed through the source and implemented his own fix
enable by knowing which library version of BusyBox was in use in his
$25 router? It would be more probable that he would win the
Powerball Lottery twice in a row.

You're excluding the middle. Between not knowing anything and hacking
the firmware yourself is the possibility that knowing the exact
version numbers of the component parts gives the owner the possibility
to determine how vulnerable they are, and to take steps, ranging from
taking in the router to the reseller to have it serviced, or patching
it themselves, and everything in between.

Then again, you really don't think these things through, now do you?
Your every effort in this thread screams intellectual laziness, if not
outright stupidity.

Well call me all the names you want, but you are not making any sense yourself. My point is not that the data might be useful if it were available, and it is, but that the totality of those taking advantage of knowing is zero or close to it. In any case just disclosing the version of BusyBox incorporated into the device is sufficient. They do not have to publish the entire code tree to achieve that. Think efficiency.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]