RE: hacker copyrights was [RE: telnetd exploit code]

["Eric D. Williams" <eric () infobro com>]

On Wednesday, July 25, 2001 9:08 PM, Greg A. Woods [SMTP:woods () weird com] 
wrote:
> [ On Wednesday, July 25, 2001 at 20:27:51 (-0400), Eric D. Williams wrote: ]
> > Subject: RE: hacker copyrights was [RE: telnetd exploit code]
> >
> > With all do respect it is clear the case especially the Godwin ref. are not
> > directly material to the issue / topic here but rather the application of
> > the principles herein as you discussed.
>
> Well I see the Godwin article as primarily discussing whether or not
> crackers can get in trouble by publishing some document that they find
> through their (illegal) efforts, and as such only marginally applicable
> to the quite opposite question posed here.

I agree.

> > I am not clear on what your allusion to  self-propagating worm is here,
> > I believe this thread started where a question was asked whether
> > a cracker would be protected from scrutiny by copyright.
>
> The question that opened this thread, IIRC, was asking whether or not
> someone publishing an analysis of a worm or virus would be violating the
> copyright of worm/virus author.  The original question also asked if the
> worm/virus code could be shared.

I concur, and an additional question was posed as a hypothetical:
On Tuesday, July 24, 2001 5:22 PM, Aaron Silver [SMTP:asilver () epoch net] wrote:
 "...I have a machine that has had some hacker code placed
 on it. I didn't authorize it to be placed on there... Am I to be denied
 investigating this code (and sharing it with others to help me investigate)
 because someone placed a copyright notice on the code."

I broadened the hypothetical by inferring that the 'hacker code' was placed or
'created' on said machine and it was discovered subsequent to the
intrusion with a copyright notice in source as in the message from this list.

The anti-scrutiny argument was bolstered by the argument of one poster saying:

On Tuesday, July 24, 2001 11:38 AM, Sebastian [SMTP:scut () nb in-berlin de] 
wrote:
"...letting a confidential source code with full copyright and confidentiality
header intact through a public mailing list. The Bugtraq mailing list was
especially noted as example even in the header, which should not be allowed
to disclose this."

and, from the offending post (parts deleted or changed to protect the 
innocent):
On Tuesday, July 24, 2001 1:59 AM, cami [SMTP:camis () mweb co za] wrote:
8<snip-----
 *
 * The contents of these coded instructions, statements and computer
 * programs may not be disclosed to third parties, copied or duplicated in
 * any form, in whole or in part, without the prior written permission of
 * h4x0r Security. This includes especially the Bugtraq mailing list, the
 * www.h4ck.co.ls website and any public exploit archive.
 *
 * (C) COPYRIGHT h4x0r Security, 2001
 * All Rights Reserved
 *
 *****************************************************************************

I guess I goofed by not explaining fully my re-stating of the question.
For the sake of clarity it is:  If found on a system as residual data/file or 
deposited
data/file on a system due to an intrusion, would this copyright affect the 
ability to
re-distribute this source code for analysis.

I think we concur that it would not limit a sysadmin in any way, in part do
to the nature of its reception. Although it *may* technically be construed
as infringement, that case probably would not stand the examination of a 
favorable judge
if couched as an exercise of forensic examination.

> Under normal circumstances, in at least many modern "Western" legal
> jurisdictions, copyright is implict and does not have to be registered
> to be valid.  This means that a virus/worm author has implicitly
> reserved all of their rights under copyright law even if they don't
> include any kind of copyright licensing notice.  So the original
> question was indeed partly on-track w.r.t. whether or not the worm/virus
> code could be shared.  While strictly speaking it's probably not legal
> to make more copies of the worm/virus code to share with other analysts,
> that doesn't mean you can't "show" your copy to them.  However as I've
> argued it would seem that due to the nature of worm/virus self-
> propagation the author must implictly relinquish his or her right to
> control redistribution, at least free redistribution, since nobody can
> prove one way or another how some second analyst might have obtained a
> copy of the code when all initial distribution is anonymous (and free).
>
> --
>                                                       Greg A. Woods
>
> +1 416 218-0098      VE3TCP      <gwoods () acm org>     <woods () robohack ca>
> Planix, Inc. <woods () planix com>;   Secrets of the Weird <woods () weird com>

Me thinks we have parity...

Ciao,

Eric Williams, Pres.
Information Brokers, Inc.    Phone: +1 202.889.4395
http://www.infobro.com/        Fax: +1 202.889.4396
               mailto:eric () infobro com
           For More Info: info () infobro com
                    PGP Public Key
   http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF  7B19 0544 A590 FF65 B789