On Mon, May 8, 2017 at 4:23 PM, ronwirring@safe-mail.net wrote:
> Is it common to do something like this against a person?
in the unethical business world? of course it is! mostly you don't get to hear about it, but software libre developers are different. they're not beholden to anyone, they're not corporate slaves, they're not controlled and they are entitled to speak their mind.
consequently they get attacked. especially if some fucker deems that their "profit" is threatened.
for example: there was some discussion back in 1999 as to whether microsoft would ever take out a contract on my life, when i was doing the reverse-engineering of NT domains. consequently i decided that the research that i was doing had best be presented responsibly to them as "security vulnerabilities", presented PRIVATELY to them (as a responsible security researcher does) and only later disclosing them if they didn't fix the problems in a reasonable timeframe.
and that's why ISS hired me. the strategy that i deployed worked. one microsoft employee actually called ISS up asking them to fire me. ISS declined, pointing out that i was quite likely to get very pissed off, and would they prefer me inside pissing out or outside pissing in? they're absolutely right: i would have worked really really hard to release one devastating public zero-day security vulnerability - with full exploit code - every few days for several months, if they'd fucked with me.
luc verhaegen unfortunately did not deploy this type of strategy (muddying the P.R. waters by leveraging the "responsible security disclosure" track). if he had, then he could reasonably claim that ARM (and other unethical companies) are being highly irresponsible in trying to attack him. the technology and security press would absolutely go to town on them (as we know has been done in the past when other independent security researchers get attacked).
l.