[ Thanks to Robert
Morrison for this link. ]
“Every time I hear about a new way to steal files from a system,
I get suspicious about why such a security bug exists in the first
place. As end users, we carry most of the liability for bug-ridden
software. Most manufacturers disclaim that liability by having us
accept some type of end-user license agreement. Such agreements
prevent end users from seeking damages when a manufacturer’s
product proves to be faulty. So when someone uses a programming
flaw (such as the nasty hole recently discovered in Netscape
Communicator) to steal files from our systems, it’s our fault
because we used the software. I’ll never understand how that makes
sense….”
“Most hardware and software manufacturers get their products
debugged for free by the world’s countless independent hackers, and
those hackers rarely get significant thanks from vendors in return
for their hard work. Instead, corporate-sponsored lobbyists push
for tough federal laws that strive to prohibit reverse engineering,
which would make most forms of software hacking illegal. So in
the future, it’s possible that if a hacker finds a serious security
problem in the code from some widely adopted OS, that hacker could
go to prison simply by reporting the flaw to the manufacturer: The
hacker would be indirectly admitting to reverse-engineering the
product. But if we can’t reverse engineer product code, we
can’t protect ourselves. We’ll be forced to trust the
manufacturer.”