Security Researcher Threatened by Ruddington Based Software Company
Impero make one of the most widely used tools for monitoring and restricting students’ internet use in UK schools. It is used on over a quarter of all schools in the UK.
Security researcher Slipstream (AKA Zammis Clark) recently discovered a serious security flaw that could easily leave many thousands of pupils' personal information exposed to hackers.
The company released a temporary patch for the software, but Clark found it to be virtually useless - it was penetrated again in a matter of minutes.
After informing the company and posting this information online he has since become the target of legal threats from Impero.
Their lawyers say that Clark's actions have caused “direct loss and damage” in addition to “reputational damage” and “potential damage” to numerous IT systems used by schools throughout the UK.
“In breach of the license terms, you have modified the software without our client’s authority, you have decompiled the software for purposes otherwise than to achieve interoperability and you have published confidential information about our client’s software.”
“By publicising the encryption key on the internet and on social media and other confidential information, you have enabled anyone to breach the security of our client’s software program and write destructive files to disrupt numerous software systems throughout the UK.”
Many have been critical of Impero's heavy handed response. One IT professional said:
"This is a totally inappropriate response. It is like walking into a party and someone points out that your shirt is on backwards and you stabbing them in the face."
Another said: "If I used Impero's software in my school, I would now be very, very concerned. The company are approaching this issue completely the wrong way. Instead of working with security researchers to fix their faulty software, they have instead provoked, threatened and angered the one group of people who could do the most damage - both to the company, and the poor schools who are using their software."
The Security Flaw: https://gist.github.com/Wack0/bcc5a196f0874a39b08f