324 DEAR HACKER

You would actually have us believe that it’s best to remain silent when confronting security problems? There is no such thing as security through lack of information. All that accomplishes is the creation of a false perception. Any bit of information can be used for nefarious purposes. In fact, in this issue we’re running an article on security issues for a particular store chain’s cash registers. We have little doubt that many will see this as an endorsement of theft, which it clearly is not. People are curious. They want to know how things work and how systems can be defeated. We exist as a forum for theoretical and specific examples of this. If we start agonizing over what people might do with the information we print, we will very quickly run out of topics that won’t have some potentially adverse effect somewhere. And as for your example involving someone figuring out a way to steal from us, we would much prefer seeing it published than to have it go on in secret among a select few individuals. At least we would have a chance to pay attention.

Dear 2600:

I find the letter you received from Microsoft (17:3) regarding your alleged software piracy interesting, but I find your response incomprehensible. In fact, your response seems to have nothing to do with the actual content of the letter. For example, you say that Microsoft accuses you of software piracy “out of the blue,” but the letter says that they “received a report that you may have distributed illegal and/or unlicensed Microsoft software products.” Given their well-publicized anti-piracy campaign, they undoubtedly get an enormous number of these reports, legitimate and otherwise. This letter is obviously a standard boilerplate response to such a report and not an accusation of any kind. Reading it as such is like believing a letter addressed to “occupant” is meant specifically for you. If Microsoft really thought you were pirating, it would have taken the form of a subpoena, cease-and-desist order, or a horde of FBI agents breaking down your door, all of which are pretty unmistakable.

As for the “evidence” you want to see, in this case it would amount to the identity of the person who filed the report and what he claimed. Since the average complaint of this type comes from disgruntled employees, there’s a good place for you to start looking. And of course you’re right, the idea that a company that receives a report that you may be stealing their property would tell you about it, and provide both a simple description of the applicable laws and an easy way to contact them for more information, well that’s absolutely unfair and a totally bizarre business practice. It’s a wonder they can stay open. I’m certain this propaganda plays well with the hordes of people who will believe anything bad about Microsoft, but to anyone else it just makes you look foolish.

Hermit

We don’t know what planet you’re orbiting, but down here on Earth we don’t just accept these things without question. And we question the legitimacy of a company that would send out such a letter without making any effort to verify the claims. It seems that anyone anywhere can simply drop a name to Microsoft and have a threatening letter sent to that name. Imagine the fear you can spread inside an organization that actually takes this kind of crap seriously. Microsoft owes us and everyone else they’ve tried to intimidate a big apology. And it’s a pity you’re not capable of seeing that.