This post originated from an RSS feed registered with Agile Buzz by James Robertson. Original Post: Whoa - go directly to jail? Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general. Latest Agile Buzz Posts Latest Agile Buzz Posts by James Robertson Latest Posts From Cincom Smalltalk Blog - Smalltalk with Rants

About six months later, according to defensive filings, McDanel discovered that Tornado had never fixed the vulnerability he discovered. Using the moniker "Secret Squirrel" he sent a single email to about 5600 of Tornado's customers over the course of three days, staggering the release each day to prevent flooding Tornado's email servers.

The email told Tornado's customers about the vulnerability, and directed them to his own website for information about it.

So what did Tornado? First, they scrambled to delete their own customer's emails (without their permission) to prevent them from learning about the vulnerability. Then they took other steps to conceal the hole. Ultimately, the fixed the vulnerability, and upgraded their general security.

For his efforts, McDanel was arrested, tried, convicted and sentenced to 16 months in the federal pokey, which he has now served. He has appealed his conviction to the federal Ninth Circuit Court of Appeals.

If that stands, watch reports to CERT and Bugtraq drop like stones in the pond.