Re: Copyright Misuse Doctrine in Apple v. Psystar

[Mart van de Wege]

"amicus_curious" <ACDC@sti.net> writes:

> "Mart van de Wege" <mvdwege_public@myrealbox.com> wrote in message
> 86skm6bdgk.fsf@gareth.avalon.lan">news:86skm6bdgk.fsf@gareth.avalon.lan...
>> "amicus_curious" <ACDC@sti.net> writes:
>>
>>> "Mart van de Wege" <mvdwege_public@myrealbox.com> wrote in message
>>> 86wsbic07e.fsf@gareth.avalon.lan">news:86wsbic07e.fsf@gareth.avalon.lan...
>>>> "amicus_curious" <ACDC@sti.net> writes:
>>>>
>>>>> "David Kastrup" <dak@gnu.org> wrote in message
>>>>> 85r61r4nvu.fsf@lola.goethe.zz">news:85r61r4nvu.fsf@lola.goethe.zz...
>>>>>> "amicus_curious" <ACDC@sti.net> writes:
>>>>>>
>>>>>>> If it fails early, it gets returned to the store or to the
>>>>>>> manufacturer for credit.
>>>>>>
>>>>>> If your whole computing centre gets compromised because a packet
>>>>>> logger
>>>>>> could be inserted into the router, return to the store is your least
>>>>>> problem.  Being able to determine possible scope of a security
>>>>>> breach is
>>>>>> certainly important.
>>>>>>
>>>>> You create a whole lot of hypothetical situations, but people buy
>>>>> these things at Sam's Club for $35 and they work just fine.  What
>>>>> compromise has there ever been that allowed someone to put a "packet
>>>>> logger" into the firmware of such a thing?  Who would bother?
>>>>>
>>>> Spammers who like to build botnets out of domestic PCs for example.
>>>>
>>> Do you know of any instance where the botnet was built by compromising
>>> the user's router firmware?  That is pretty farfetched.
>>>
>> Yes, and executable e-mails were once considered to be 'purely
>> theoretical'.
>>
>> I'm sorry, but threat evaluation is just a *tad* more than 'is this
>> being exploited yet?'
>>
> I don't think that you are sorry in the least.  Do you suggest that
> this theory will first find its way into someone lusting to robotize
> some kid's PC?  

I suggest this is possible, yes. 

> Even so how likely is it that the target of this exploit is savvy
> enough to have combed through the source and implemented his own fix
> enable by knowing which library version of BusyBox was in use in his
> $25 router? It would be more probable that he would win the
> Powerball Lottery twice in a row.
>
You're excluding the middle. Between not knowing anything and hacking
the firmware yourself is the possibility that knowing the exact
version numbers of the component parts gives the owner the possibility
to determine how vulnerable they are, and to take steps, ranging from
taking in the router to the reseller to have it serviced, or patching
it themselves, and everything in between.

Then again, you really don't think these things through, now do you?
Your every effort in this thread screams intellectual laziness, if not
outright stupidity.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.