ISP Kicks Out User Who Exposed Vulnerability

Found on Techdirt on Thursday, 19 April 2007

Apparently, a college student discovered and published a pretty major vulnerability found in the routers the company uses, allowing anyone to access the routers remotely. Rather than thank the customer for finding and highlighting a pretty serious vulnerability, the company has cut off his service and threatened him with lawsuits. Oh yeah, they also haven't bothered to fix the vulnerability -- despite it being published 7 weeks ago. The reasoning from the ISP is astounding. They claim that since they can't find any evidence that anyone ever used the vulnerability, he must have discovered it by "illegal" means.

And, of course, the ISP told the guy he's not allowed to talk about its legal threat to him -- which isn't actually legally binding. It's not clear if the ISP doesn't understand what it's done or simply doesn't want to fix the vulnerability -- but the fact that it seems to think it's ok to leave the vulnerability there and just cut off the guy who pointed it out should make other customers of BeThere wonder about how the ISP treats their security.

There will be great rejoicement amongst the customers.

Browse all articles« Previous « » Next »