Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Charisse Castagnoli (charissecharissec.com)
Date: Thu Dec 08 2011 - 10:53:59 CST
Wow - that is a creative lawyer (or a bored or not billable one)
Not sure this line of liability will work since likely all the users signed a license agreement when they bought the printer that limits their remedy. And unfair business practices are really designed to be used by competitors not consumers.
Also the supreme court has ruled that potential disclosure of PII is a "future harm that the court can not address"
thanks for pointing this out I will definitely follow the case as it develops.
(a former attorney)
On Dec 7, 2011, at 1:26 AM, Carl-Johan Bostorp wrote:
> So it looks like HP is getting sued in a class action lawsuit over the firmware upgrade “potential security vulnerability”. It’s claimed that HP knew about the vulnerability, but failed to disclose it, and this constitutes an “unfair” business act. https://docs.google.com/gview?url=http://docs.justia.com/cases/federal/district-courts/california/candce/5:2011cv05779/248220/1/0.pdf?1322863230&chrome=true
> This is the first case I’ve heard of where this happens. Will be really interesting to see what happens. With any luck, vendors will have to at least disclose the shit they choose not to fix.http://www.digitalbond.com/2011/11/08/advantech-webaccess-first-on-insecure-products-list/ … but then again, there are gradients here that can be difficult to rule.
> How much would a vendor have to disclose of vulnerabilities known but not fixed? Do they get any grace period on fixing these vulnerabilities, or must they be made public as soon as they know *anything* ? Or is it just when they decided not to fix it? If so, can we then expect vendors to have vulnerabilities rated as “undetermined” for years? Maybe a 6 months grace period from vendor notification to people starting to sue? What about severity of vulnerability?
> What do you think is reasonable?
> Carl-Johan Bostorp
> Senior Consultant
> CISSP / QSA
> Cybercom Sweden East AB
> Lindhagensgatan 126, Box 30154 SE-104 25 Stockholm
> Mobile +46 722 328 220
> Phone +46 8 726 75 00 Fax +46 8 19 33 22
> carl-johan.bostorpcybercom.com www.cybercomgroup.com
> P Think before you print
> Dailydave mailing list
Dailydave mailing list