
Comment Re:Uh, correct me if I understood the story wrong (Score 1) 102

At some point, I wrote a small tool that used Ron Rivest's "Time Lock Puzzles" to provide lagged full disclosure... publish full disclosure that will take several months to decrypt, and privately give the vendor the decryption key to give them a head start. Getting a gag order from the courts won't help the vendor at that point, since you've already published the encrypted information and the puzzle, it's just a matter of grinding through the time lock puzzle. The time ticking on the time lock puzzle should hopefully light a fire under their rears to get a fix out. IMHO, time locked full disclosure gives you the best of both worlds... vendors have some reasonable time to implement a fix, but no amount of legal action can prevent the details from getting out several months later. The risk of "responsible disclosure" is that you can get slapped with a gag order, or at least legal threats, to prevent you from later putting pressure on the vendor for a faster fix.
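The scheme the comment above describes, sketched as an added example (it is not the commenter's tool): the repeated-squaring time-lock puzzle from Rivest, Shamir and Wagner, where the publisher uses the factorisation of the modulus as a shortcut and everyone else has to grind through `t` squarings. The function names, the toy modulus and the SHAKE-256 XOR cipher are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy modulus built from two known Mersenne primes so the demo runs instantly.
# Assumption: a real puzzle uses a freshly generated secret RSA modulus of 2048+ bits.
P, Q = 2**61 - 1, 2**89 - 1
BASE = 2

def xor_stream(key: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256 keystream (use an AEAD in practice)."""
    stream = hashlib.shake_256(key.to_bytes(16, "big")).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def publish(advisory: bytes, t: int):
    """Return (public puzzle, key). The key goes privately to the vendor."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    key = secrets.randbits(128)
    # Knowing phi(n), the publisher reduces the exponent 2^t and skips the work.
    b = pow(BASE, pow(2, t, phi), n)
    puzzle = {"n": n, "a": BASE, "t": t,
              "ck": (key + b) % n,              # key masked by a^(2^t) mod n
              "ct": xor_stream(key, advisory)}
    return puzzle, key

def solve(puzzle: dict) -> bytes:
    """Without the factors of n: t squarings, each depending on the previous one."""
    n, b = puzzle["n"], puzzle["a"]
    for _ in range(puzzle["t"]):
        b = b * b % n
    key = (puzzle["ck"] - b) % n
    return xor_stream(key, puzzle["ct"])

if __name__ == "__main__":
    advisory = b"Constructed sample advisory: details of the flaw go here."
    puzzle, vendor_key = publish(advisory, t=200_000)
    print("vendor, immediately:", xor_stream(vendor_key, puzzle["ct"]))
    print("public, after t squarings:", solve(puzzle))
```

The delay is set by choosing `t` as the target duration multiplied by the squarings per second a fast solver can perform, so it is an estimate of elapsed time rather than a guarantee.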

Comment Re:Uh, correct me if I understood the story wrong (Score 1) 102

They didn't enter into AT&T's network uninvited, they used a public facing and unprotected URL to retrieve information that URL was intended to retrieve. This is no more intrusion than if AT&T had put that data in a public facing flat file on a server somewhere and hoped nobody discovered the URL.
