Hacker News new | past | comments | ask | show | jobs | submit login

Publish the fact that it can be done without publishing how to do it (yes, you have to be reputable). I think it's interesting that the lawyer focused on the fact that they depackaged the chip when the (in my mind) bigger vulnerabilities don't require that.

I think it would be interesting to sue a company like CyberLock for false advertising ... "impossible to clone keys" is clearly false.




> Publish the fact that it can be done without publishing how to do it (yes, you have to be reputable).

Chances are that just changes the lawsuits to defamation ones.


Truth is an absolute defense to defamation.


Expensive lawyers and extended litigation are a non-absolute but often effective defense to truth.


Indeed, if you do so you must word your blog post very carefully not to make any claims you can't fully back-up with a PoC. Such as being very specific about what versions/configurations are vulnerable.


Which might just force you to show how you cloned the key in court ... if you can actually clone the key it's not defamation.


It'll force you to hire expensive lawyers for all the pre-court maneuvering, which tends to be a good deterrent to any small agency or freelance consultant.


Defamation suits are rare in the U.S. because they're so hard to win.


You don't have to win it to bankrupt the target with pre-court maneuverings.


And what "pre-court maneuverings" would that be?


http://en.wikipedia.org/wiki/Lawsuit#Pre-trial

See http://en.wikipedia.org/wiki/Strategic_lawsuit_against_publi... for a variety of examples of such suits.


That procedure starts with the pleadings, which aren't "pre-court." They are the first step in a court proceeding.


Here is a good starting point:

https://www.law.cornell.edu/rules/frcp




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: