Hi all,
As you've noticed, I've stayed out of the Blosser controversy on this
mailing list.
A few reporters have called and I've tried to let them know Mr. Blosser's
side of the story from his public statements on this mailing list.
After listening to the various arguments, here's what I'll be doing:
1) I've rewritten the freesoft.htm page to include a bunch of disclaimers
- one of which is GET PERMISSION. This warning used to be in the
readme.txt file. But lets face it, that isn't the most widely read
document. I've also taken this opportunity to make installation easier.
I've also begun a long overdue FAQ. Comments are welcome.
2) As I cannot be the permission cop, Mr. Blosser's results will stand for
now. If he is charged and convicted of computer fraud, then I'll reassign
his results to "anonymous". This will occur even though his results
predate the May incident. This will be my policy in the future. Anyone
convicted will have ALL his results reassigned, no matter how they were
obtained. I don't expect this "harsh" threat to deter anyone, that's the
purpose of loss of job and possible criminal prosecution.
3) I've removed the link to the Eurocrypt project. It smells of hackery.
Personally, I hope that cooler heads prevail and USWest and the FBI drop
their case. From Aaron's statements it seems he acted in good faith and
did little to no harm. It would seem to be a weak case to charge someone
for theft of computer cycles that USWest was discarding anyway. Firing
Aaron lets USWest use him as an example to others - and get the word out as
to their computer policies. They should probably thank him for uncovering
a security hole that some truly disgruntled employee could have used to
create some SERIOUS havoc.
Still having fun,
George
