Antivirus maker Sentinelone uses copyright claims to censor video of security research that revealed defects in its products

#1

Originally published at: https://boingboing.net/2018/08/18/sentinelone-v-streisand.html

3 Likes
#2

Antivirus companies are sketchy enough already, there’s no need to go with one that nobody has ever heard of.

3 Likes
#3

Maybe if they fix the problem, they’re admitting there was a problem, and inviting somebody to sue? Maybe there are no actual engineers on staff? This behavior amazes me every single time.

1 Like
#4

When you are selling a black box, why spend money on fancy innards when you can just use marketing?

4 Likes
#5

Now that Microsoft has a perfectly fine antivirus solution that they give away for FREE, only suckers and corporate IT departments (whose logic defies human understanding) are stupid enough to pay money for antivirus apps.

2 Likes
#7
1 Like
#8

Thanks for the link, anonymous keyword spammer. I think we all know that the most reliable and trustworthy internet security software comes from comment forum link spam. :thinking:

1 Like
#9

A Register comment mentions that the company doesn’t have a Wikipedia article. It seems they did, but it was too much of an advert even for that class of Wiki article.

Ah well, I’m sure it’ll be back soon now that there are some notable third-party references. :sunglasses:

2 Likes
#10

They will get eaten in time. Best move is to just flag it as spam.

4 Likes
#11


2 Likes
#12

True enough. And it was already hidden when I read it. But this forum is, in part, where we all think out loud, for good or for ill :slight_smile:

2 Likes
#13

It was a ship of classic, simple design, like a flattened salmon, twenty yards long, very clean, very sleek. There was just one remarkable thing about it.

“It’s so … black!” said Ford Prefect, “you can hardly make out its shape … light just seems to fall into it!”

Zaphod said nothing. He had simply fallen in love.

The blackness of it was so extreme that it was almost impossible to tell how close you were standing to it.

“Your eyes just slide off it …” said Ford in wonder. It was an emotional moment. He bit his lip.

5 Likes
#14

Sentine lone? Sent in elone?

Any product whose name becomes unpronounceable and puzzling due to a minor capitalization error deserves to sink into oblivion.

2 Likes
#15

Sentinel One. Wow I couldn’t figure it out either. It took me years to figure out that Linkedln was Linked-in and not Linked-Ln

3 Likes
#16

:joy:
That’s some sort of index to a logarithm or something? Or vice versa?

#17

It depends on the rules. If someone discovers a bug that lets anyone log into any Dropbox account, and publishes it on YouTube rather than through a “responsible disclosure” scheme, that person has knackered the security of millions; whatever was in their heart, it would be ridiculous to treat them as if they were acting in the interests of users’ security. Dropbox should want to discourage that kind of “research”, purely on security grounds, though I am sure they’d have some thoughts about the financial damage as well.

(Yes, once a bug is discovered, the only thing gained by delaying public disclosure is “security through obscurity”, on which it is irresponsible to rely. But there’s a good chance the bug isn’t known to bad actors, and will be closed by the time they learn of it, if the vendor has a reasonable opportunity to fix it first, which is what third-party schemes aim to referee).

On the other hand, if Dropbox sued to prevent disclosure of a gaping hole they’d been sitting on for months, that would be bullshit. What would distinguish a good actor, in this respect, is that their own rules would not allow for them to do that.

It’s hard to sympathise with the perfumier and AV vendor Sentí Nèlone because antivirus software is snake oil, and because a YouTube takedown is clumsy and dumb, but when they say “if a party believes there’s a bug in our product, we expect them to follow the common disclosure practices in place that protect the entire community”, that part’s not wrong.

1 Like
#18

Agreed, the dangerous real thing would be if a researcher disclosed to a vendor and they responded with a suit. This has happened, but it’s pretty rare and almost always it’s a non-tech company that is embarrassed and cries hacker.

Responsible disclosure protects everyone.

#19

This is not entirely true, earlier this year we had a “security” company allegedly partner with a trading company to short AMD stocks and then they released a big press blitz about a critical backdoor in all AMD components. The press releases were the first AMD was notified about these vulnerabilities.

When the report was released days after the press blitz it was very not interesting. Things like users are allowed to flash the BIOS (uEFI) and the BIOS controls the flashing process, so you can flash it to not allow future flashing but claim it was flashed. Secret hidden Trojan OMG, but they never built that Trojan, just claimed that someone could do it (probably) and make it undetectable (probably not).

They also laid blame on AMD for actions done by a third party chip-set provider that is also heavily used by Intel. The report didn’t mention that Intel motherboards used the same chip-sets, just that AMD was responsible for shipping a back door.

The head of the security research company firmly declared that these vulnerabilities were likely unfixable in current chips and AMD would need to issue a recall of all their chips on the market, but in less than a week AMD had patches for the worst issues.

In the end this came off as a very financially motivated attack on AMD, and not a legitimate security research endeavor. They did find real security issues, but they were mostly minor. They then just overhyped them, making up gloom and doom stories.

I personally would have a hard time faulting AMD for taking legal action against a bad faith release like this.
