Remember Impero, the school software biz that went ape over a vuln? Someone's got revenge

Nottinghamshire-based software biz Impero has a lot of recycling to do – after hacker-turned-security-researcher Cal Leeming delivered over 9,000 paper copies of a vulnerability to the company's headquarters as a protest. A few weeks ago, Impero hit the headlines when it threatened to sue someone called …

  1. Anonymous Coward

    as well as sending them a copy on a floppy disc (although who has a floppy drive these days?)

    I think it's called irony.

    1. Anonymous Coward

      Re: as well as sending them a copy on a floppy disc (although who has a floppy drive these days?)

      "I think it's called irony"

      Because floppy discs are pretty rusty these days.

  2. PNGuinn

    email

    So - are they suggesting that they want over 9000 emails of the next vuln before they'll take notice?

    Enquiring spam filters need to know.

  3. This post has been deleted by its author

    1. Paul Shirley

      Hacking is what you do with tools, not knowing how to use tools and most definitely not knowing how to use some obsolete tool someone else decides defines hacking.

    2. joepie91

      Yeah, that's what we tried first. Then Impero ignored the e-mail disclosure.

      Perhaps your ire should be aimed at Impero, given that they have been non-responsive to disclosure, lying (or at best, being incompetently misinformed) about the degree of patched-ness of their code, and most of all, developing software to *spy on kids*.

      1. Anonymous Coward

        What a fuckwit. "Spy on kids"? Basic safeguarding by the sounds of it. Take your tinfoil hat elsewhere.

  4. Anonymous Coward

    Hacktivists are a scary bunch. Turning up out of the blue, wasting paper and calling people a 'dick'. Viva la revolution?

    1. Anonymous Coward

      A Muse ing

      Just think of it as a bit of theatre.

      Anonymous because it looks like a Thalia mask.

  5. Destroy All Monsters

    Think of the environment before publishing this software cockup!

    "To save future cost, time, and carbon footprint, should security researchers be contemplating similar methods, we wanted to make clear that an email to security@imperosoftware.com will suffice!"

    This sounds like the guy who has to deal with Picking Up What the Dog Left Behind tries to smoothen problems caused by Oversized Egos In a Child's Mind Supported By Lawyers in the upper echelons.

    (No these are not the names of GSVs)

    1. Elmer Phud

      Re: Think of the environment before publishing this software cockup!

      But bloody excellent names for GSVs, though.

  6. Pascal Monett

    "he's a legit security researcher"

    Albeit with a bit of a procedures issue, if I understood correctly.

    A "legit security researcher" does not just publish his findings on a blog these days. Step one is to contact the company and open a discussion on the subject, at least asking the company to validate the findings.

    Publish-and-be-damned is for when the company has repeatedly ignored the warnings, refused to acknowledge anything and denied all issues - that is when you go public and let the company fry, not before.

    1. Brewster's Angle Grinder

      Leeming != Slipstream

      And you seem to have a bit of an understanding-the-article problem, if I understand correctly. Because, the "legit security researcher" who pulled this stunt (Leeming), wasn't the guy who found the vuln (Slipstream). Slipstream may have been an arse, but it wasn't his arse that farted out a copyright infringement sue ball.

      If you're selling software, and get outed by a teenage wannabe, we can reasonably expect you to smile and gently chastise the irresponsible "researcher", rather than cry havoc and let loose the poodles of law.

    2. Hans 1

      Re: "he's a legit security researcher"

      >Publish-and-be-damned is for when the company has repeatedly ignored the warnings, refused to acknowledge anything and denied all issues - that is when you go public and let the company fry, not before.

      Nobody said he had not written to them, his email was probably eaten by a hungry spam filter or simply ignored. If the bloke went through the trouble of finding a floppy, a compatible drive and computer, sure as hell he had already sent an email ... ;-)

  7. Crisp

    Has the flaw actually been fixed?

    I need to know for a friend...

    1. joepie91

      Re: Has the flaw actually been fixed?

      Not in the currently deployed version, no. They *claim* that it's fixed in a future release, but that's what they said last time.

        1. Anonymous Coward

        Re: Has the flaw actually been fixed?

        Half right. As I understand it, they've changed the AES key in the current version, so you'd have to redo Slipstream's work. The next version is switching to a certificate-based system which, I believe, they're basically poaching from their IRM product (I could be wrong).

        Security researchers should look at all these types of products, some of them have pretty glaring flaws, as in, no hacking required. For instance, anyone who logs onto a machine with the teacher element of AB Tutor installed can run the console.

      2. knelmes

        Re: Has the flaw actually been fixed?

        No, they claim it has in the current version via a patch.

  8. Shadow Systems

    Wrong way to deliver the leaflets...

    He should have loaded them into a large drone, flown it over the area, & scattered them like it were a World War Leaflet Drop across enemy lines.

    THAT would have been the British way of getting the message across.

    Bonus points for using a drone that looks like Snoopy flying a Sopwith Camel. =-)p

    1. Robert Carnegie

      Re: Wrong way to deliver the leaflets...

      It didn't really work in the war. Leafletting employees' cars with it, I like. A way to start a conversation, although not one that you get to be there for.

  9. Daedalus

    He may be a sociopath...

    ... but he's OUR sociopath!

    1. Shadow Systems

      Re: He may be a sociopath...

      I like exploring & taking the path less traveled, but I've yet to find a Socio Path.

      *Drum sting*

      I'll get my coat, it's the one with the extra long sleeves & all the buckles that latch in the back.

      =-)p
