Previous Politech messages: http://www.politechbot.com/cgi-bin/politech.cgi?name=interz0ne I invite David to tell us who the person "working for a competitor" was (presumably one of the defendants) and what this competitor's name might be. Presumably this will all come out in court, and the defendants know this information already, so there's little reason to withhold it. -Declan --- From: [deleted --DBM] To: "Declan McCullagh" <declanat_private>, <daveat_private> Subject: From Blackboard Inc. (fwd) Date: Tue, 15 Apr 2003 17:43:26 Blackboard, Inc., has apparently responded to the story I recall seeing on both Politech and IP. I received the following from a colleague at [deleted --DBM]., which plans to install the Blackboard Learning System next fall. If Blackboard, Inc.,'s claim is true, I'm surprised that they haven't posted it on your listservers and will remain skeptical until they do. Please don't identify me as the source of these messages. > ---------- Forwarded message ---------- > Date: Tue, 15 Apr 2003 15:24:38 -0400 > From: David Yaskin <dyaskinat_private> > Reply-To: blkbrd-l - "Listserv" <BLKBRD-Lat_private> > Comments: cc: jqjat_private > Subject: Re: very troubling behavior by Blackboard Inc. > To: BLKBRD-Lat_private > > Hi JQ: > > As you know, I try not to participate directly in the list out of > respect for its independence as a community. But I think the issues you > raise warrant a very clear response. As a long time developer, I see > both sides of the role that hackers often play. This is not one of > those situations. > > At issue were the actions of a person working for a competitor who > committed a physical crime and put many nonprofit academic institutions > in potential jeopardy. Without going into too much detail, working for > a competitor, an individual physically broke into hardware components > belonging to a university solely to publicly distribute information that > could enable a select group to falsify security events and financial > transactions, putting the general public and approximately 275 academic > institutions in potential jeopardy. > > It is this harm, coupled with the safety of these academic institutions > and their constituents (primarily, students and faculty) that mandated > Blackboard take a very careful and measured stance. Recognizing that > this is a crime with potentially very harmful results, we took a > position to protect our clients. > > (BTW -- as you no doubt know, this situation relates to our Bb > Transaction System product line, not the Bb learning System or Bb Portal > System). > > Blackboard recognizes that the Hacker Community plays an integral role > in assisting technology companies in improving their offerings, most > notably around security. I thought the user community might find this > clarification of value. > > Regards, > > David Yaskin > VP Product Strategy > Blackboard Inc. > > -----Original Message----- > From: JQ Johnson [mailto:jqjat_private] > Sent: Monday, April 14, 2003 4:38 PM > To: BLKBRD-Lat_private > Subject: very troubling behavior by Blackboard Inc. > > According to an article on slashdot > (http://features.slashdot.org/features/03/04/14/1846250.shtml?tid=153&tid=17 2), > Blackboard last week prevented 2 security researchers from giving a > presentation on security flaws in the Blackboard Transaction System. > Blackboard apparently cited the DMCA as justification for this gag > order. > > Whatever the actual facts are in this case, the similarities to the > Sklyarov case are obvious. > > Although the incident relates to Blackboard's transaction system rather > than to the learning system, I have at least three concerns: > > 1/ first, is it in fact the case that the transaction system is as > easily penetrated as the article suggests? If so, nobody should be using it. > But more important, should we also be concerned about security in learning > system? Have there been any independent audits of the security of > learning system? > > 2/ second, does this heavy handed behavior by Blackboard's lawyers > presage similar activities with respect to the learning system? Can I expect to > be threatened with a lawsuit or criminal action if I point out that the > blackboard database password is stored in clear text in various files on > my blackboard server? Can we expect Blackboard to shut down this listserv? > > 3/ more generally, I observe that the higher education community depends > critically on the ability openly to report the results of scientific > inquiry. What can Blackboard do to reassure us that as a corporation > they share the values that their customers hold dear? .... ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 14:59:18 PDT