nanog mailing list archives
Re: Cisco IOS Exploit Cover Up
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 28 Jul 2005 11:18:38 -0400
In a message written on Thu, Jul 28, 2005 at 10:14:42AM -0400, Scott Morris wrote:
And yet, look how much havoc was created there. It's always the "potential" stuff that scares people more. While I do think it's obnoxious to try to censor someone, on the other hand if they have proprietary internal information somehow that they aren't supposed to have to begin with, I don't think it is in security's best interested to commit a crime in order to get tighter security.
We don't have all the details, so I don't know what he's accused of doing which is illegal, however, from http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm I quote: ] The filing in US District Court for the Northern District of California ] asks the court to prevent Lynn and Black Hat from "further disclosing ] proprietary information belonging to Cisco and ISS," said John Noh, a ] Cisco spokesman. ] ] "It is our belief that the information that Lynn presented at Black Hat ] this morning is information that was illegally obtained and violated our ] intellectual-property rights," Noh added. ] ] Lynn decompiled Cisco's software for his research and by doing so ] violated the company's rights, Noh said. I am not a lawyer, and so under the current DMCA and other laws it may well be illegal to "decompile" code. That said, it sounds rather like the technical equivilant to Ralph Nader "disassembling" the Corvair to prove the suspension design was flawed. GM sure didn't like that any more than Cisco likes this incident. I don't know when we decided a program should be a black box welded shut kept from all prying eyes, and that anyone who could run a decompiler was instantly a crimimal. It probably all came about from the crazy decision that software should be licensed, not sold. We'd be in a world of hurt if anyone who figured out how to put a lift kit on his pickup was sued by ford for "disassembling" the truck and figuring out their "propretary internal designs". Why is software special? -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
Attachment:
_bin
Description:
Current thread:
- RE: Cisco IOS Exploit Cover Up, (continued)
- RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
- RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
- Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
- RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
- Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
- RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
- Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
- Re: Cisco IOS Exploit Cover Up Jared Mauch (Jul 28)
- Re: Cisco IOS Exploit Cover Up Stephen Sprunk (Jul 28)
- Re: Cisco IOS Exploit Cover Up Gordon Cook (Jul 27)
- Re: Cisco IOS Exploit Cover Up Jeff Kell (Jul 27)
- Re: Cisco IOS Exploit Cover Up Daniel Golding (Jul 27)
- Re: Cisco IOS Exploit Cover Up Network Fortius (Jul 27)