HID has claimed that teaching others about the information violates two of the company's patents, IOActive's CEO Josh Pennell told reporters in a conference call on Tuesday. On the advice of lawyers, Pennell would not describe other details about the claims.

Teaching others cannot violate a patent!

"If I say anything, HID will sue us," he said. "Large companies have lots of resources, and small companies, such as IOActive, don't."

This is not acceptable.

HID has claimed that teaching others about the information violates two of the company's patents, IOActive's CEO Josh Pennell told reporters in a conference call on Tuesday. On the advice of lawyers, Pennell would not describe other details about the claims.

This really does seem completely insane. How, in any rational sense, can this violate patent law. I thought the only way to violate a patent was to produce a *product* which incorporates methods or technologies that have been patented. Are they trying to make the claim that since information is the product of this company and researcher that the words themselves are derivative works? I don't get it.

"If I say anything, HID will sue us," he said. "Large companies have lots of resources, and small companies, such as IOActive, don't."

It feels like July, '05 all over again. I feel bad for the researcher... maybe abaddon can send him one of those fancy White Hats with "Good" emblazoned on the front, just as a consolation.

Fuck HID.

I like the statement

Asked why HID hasn't addressed the issue in more recent proximity card systems, after knowledge of RFID threats became common, Carroll said that doing so would cause "major upheaval" among customers.

In other words, "we know our shit is insecure and it will cost us a lot to fix it and even more if our clients" -- government being the largest, presumably -- "get freaked out." What a bunch of garbage.

"These systems are installed all over the place. It's not just HID, but lots of companies, and there hasn't been a problem. Now we've got a person who's saying let's get publicity for our company and show everyone how to do it, and it puts everyone at risk. Where's the sense of responsibility?" Carroll said.

This is a direct re-hash of the arguments made against Mike 2 years ago. "It's all for publicity." "It's irresponsible."

Of course, it's totally ok to sweep known security issues under the carpet and pretend everything's secure for your government clients...