Nmap Development mailing list archives
Re: [NSE script] vhosts on the same ip : copyright issues
From: jah <jah () zadkiel plus com>
Date: Tue, 26 Aug 2008 02:58:10 +0100
On 26/08/2008 02:30, eldraco wrote:
hi all, I think this is really useful, but i think there also may be a problem here. The site search.live.com is covered by the ugly "Microsoft Service Agreement" you can find here: http://help.live.com/help.aspx?project=tou&market=en-us It says things like this: -------------------------- 4. How You May Not Use the Service. In using the service, you may not: * engage in, facilitate or further unlawful conduct;
I don't really think there's anything unlawful about the scripts purpose nor the use of it. If Microsoft provide the service then they can't really argue that its use is unlawful, or can they? In my opinion there are some quite legitimate use cases and not many evil ones.
* use any automated process or service to access and/or use the service (such as a BOT, a spider, periodic caching of information stored by Microsoft, or "meta-searching");
I can see how a script could be viewed as an automated process or at least semi-automatic. But then you could argue that it's no more automatic than a web browser.
--------------------------- This could arrise really bad effects in nmap, especially if this script came by default. for example we can think of: 1- nmap can be potentially banned as an automated software in this search engines
Yes, this concerns me too, but with some HTTP headers we could make that difficult to detect.
2- our ips can be banned perhaps
I don't think that's very likely. Kind of cutting off their nose to spite their face.
3- more important: there are linux distributions out there like Debian that can not include software that have problems with a copyright issue.
I don't think that copyright comes into it. The script isn't copying the service it's merely utilising it. We could do attribution: "Results provided by Microsoft Live Search:" :)
This is true also with google and the like. Can we find a way to do this and not to break any copyright?
Maybe we should approach google, I bet they'd be happy to provide this type of functionality to Nmap! Again, such a script might be in breach of a service agreement, but I don't think it's a copyright issue. Maybe we should contact Redmond to clarify. There are measures we could take to limit the situations in which the script would run. For example, it's quite an expensive transaction in terms of time and it's not likely to be useful for non-http servers so we could limit it to targets on which it's been determined that http is running and then only when the discovery category is called, or the script explicitly called or when "all" scripts are called. jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE script] vhosts on the same ip Sven Klemm (Aug 25)
- Re: [NSE script] vhosts on the same ip sara fink (Aug 25)
- Re: [NSE script] vhosts on the same ip Sven Klemm (Aug 25)
- Re: [NSE script] vhosts on the same ip jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues Arturo 'Buanzo' Busleiman (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 02)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Kris Katterjohn (Sep 05)
- Re: [NSE script] vhosts on the same ip jah (Sep 05)
- Re: [NSE script] vhosts on the same ip Arturo 'Buanzo' Busleiman (Sep 05)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 05)
- "external" script category David Fifield (Sep 09)
- Re: [NSE script] vhosts on the same ip sara fink (Aug 25)