Security Researcher Threatened by Ruddington Based Software Company

Martin Hansen-Lennox

Published Wed 15 Jul by Martin Hansen-Lennox in Miscellaneous and Web News

Ruddington based Impero Software have been heavily criticised for their "inappropriate response" to the researcher who discovered serious security flaws in their software, putting over a quarter of UK school pupils at risk.

Impero make one of the most widely used tools for monitoring and restricting students’ internet use in UK schools. It is used on over a quarter of all schools in the UK.

Security researcher Slipstream (AKA Zammis Clark) recently discovered a serious security flaw that could easily leave many thousands of pupils' personal information exposed to hackers.

The company released a temporary patch for the software, but Clark found it to be virtually useless - it was penetrated again in a matter of minutes.

After informing the company and posting this information online he has since become the target of legal threats from Impero.

Their lawyers say that Clark's actions have caused “direct loss and damage” in addition to “reputational damage” and “potential damage” to numerous IT systems used by schools throughout the UK.

“In breach of the license terms, you have modified the software without our client’s authority, you have decompiled the software for purposes otherwise than to achieve interoperability and you have published confidential information about our client’s software.”

“By publicising the encryption key on the internet and on social media and other confidential information, you have enabled anyone to breach the security of our client’s software program and write destructive files to disrupt numerous software systems throughout the UK.”

Many have been critical of Impero's heavy handed response.  One IT professional said: 

"This is a totally inappropriate response. It is like walking into a party and someone points out that your shirt is on backwards and you stabbing them in the face."

  Another said: "If I used Impero's software in my school, I would now be very, very concerned. The company are approaching this issue completely the wrong way. Instead of working with security researchers to fix their faulty software, they have instead provoked, threatened and angered the one group of people who could do the most damage - both to the company, and the poor schools who are using their software."

More Information

The Security Flaw: https://gist.github.com/Wack0/bcc5a196f0874a39b08f

The Guardian Report: http://www.theguardian.com/security-flaw-found-in-school-internet-monitoring-software

Legal Threats: https://torrentfreak.com/researcher-receives-copyright-threat-after-exposing-security-hole-150715/

Be The First to Comment on This Item

  • No comments for this item yet

    Why not be the first?

Comments Closed

Comments for Security Researcher Threatened by Ruddington Based Software Company are now closed


What's New With The Team?

More Recent Updates

UK: 0115 8088303

INT: +44 (0)115 8088303

29 Royal Standard House
Standard Hill
Nottingham
NG1 6FX




Nottingham Web Development