Mattel sues hackers, wins injunction
UPDATE: And they want names, names....
The makers of Cyber Patrol, a popular Web-filtering software product, filed suit against two computer enthusiasts who are distributing a crack enabling precocious sprouts to decrypt their parents' password or the product's secret list of banned URLs and so access forbidden Web sites. Microsystems Software, in partnership with toy maker Mattel, filed a federal lawsuit Wednesday seeking an order barring crypto buffs Eddy Jansson and Matthew Skala from distributing their 'cphack' cracking utility. The pair have also written a thorough critique of the Cyber Patrol software posted here, and offering mixed conclusions. They are particularly contemptuous of the program's password and URL database encryption methods (though we wonder why more than a trivial crypto routine would be needed in a product meant to defeat precocious nine-year-olds). The software wins praise for not using keyword filtering: "the absence of filtering based on content keywords is surprising, but welcome. The technology does not exist to make content-based filtering really functional," the two critics note. "Cyber Patrol is - technically - somewhat better than NetNanny and CyberSitter, the two other censorware packages we have intimate knowledge of, but there is still far too much 16-bit code for it to be really stable." They also note that Cyber Patrol's reliance on finding and logging objectionable sites has its pitfalls, chief among them the fact that a site overlooked by the company's Web-crawlers, or one recently run up, will not be blocked. Furthermore, the list of banned URLs may itself be controversial, if not downright objectionable, to some users. In its legal filing, Mattel/Microsystems said it has suffered "irreparable harm" from the publication of the essay and attached cracking utility, which it said could destroy the market for its product by rendering it ineffective. Alternatively, the company could just put some effort into making its software more difficult to crack -- but we digress. The claim of irreparable harm is contradicted by the company's own admission that "relatively few" people are believed to have downloaded the cracking utility to date. U.S. District Judge Edward Harrington granted Mattel, which markets CyberPatrol, its request for an injunction on Friday. A preliminary hearing is scheduled for 27 March, at which time it will be decided whether the injunction should stand or not. We wonder why Mattel is being so heavy-handed in guarding that secret, encrypted list of banned URLs. One explanation is the legal heat they might be subject to from those who object to being deemed ban-worthy by a toy manufacturer. We understand that sites related to journalism, fine food, and student organisations are among the forbidden thousands. There could easily be a lawsuit or two lurking in that list, we reckon. Most disturbing, the Mattel suit seeks to order the Web hosts where the utility is published to turn over records identifying everyone who visited the Web sites and downloaded the program. Mattel wants the logs of all those who have downloaded cphack in order "to track the identities and addresses of all persons who accessed the bypass code." While it's inconceivable that any judge in his right mind would grant such an outrageous request, the mere fact of asking is so decidedly creepy that The Register wonders if the welfare of children really ought to be trusted to these people. ®
Sponsored: CISO Guide: Secure Cloud and Mobile Data