Legal disassembly
Mark Rasch, 2005-08-22

When security researcher and ISS employee Michael Lynn went to give a presentation at the Black Hat conference in Las Vegas, little did he know he would ignite a legal firestorm questioning whether even the act of looking for security vulnerabilities violates the law.

Legal disassembly 2005-08-22
Anonymous
This is just a general comment, vice being specific to this article. I believe that this whole disassembly issue is another example of Corporate America flexing its monetary muscle to have laws passed for it. While I agree that intellectual copyright laws (not sure if this is the correct terminology...

Legal disassembly 2005-08-23
Anonymous (1 replies)
Jennifer Granick did some work on the case

http://www.granick.com/archive/2005_08_01_theshout_archive.html#112330515113516813...

Re: Legal disassembly 2005-08-29
Mark D. Rasch
Actually, Jennifer did A LOT of work on the case. She represented Mr. Lynn....

Legal disassembly 2005-08-23
Anonymous (1 replies)
Mark, I think you missed some important facts of the story. The vulnerability "exploited" by Lynn was old. Cisco had released a patch to fix that 3 months before BlackHats Conference.

The truth is that Cisco sued Lynn to stop his bad-marketing speech. In fact Lynn was claiming that that bug was f...

Re: Legal disassembly 2005-08-23
Anonymous
I don't think you're correct there. Have a read of Jennifer Granick's blog about the case or the ZDNet interview

http://www.granick.com/archive/2005_08_01_theshout_archive.html#112330515113516813...

Legal disassembly 2005-08-23
Anonymous
An intriguing article as usual from Mr Rasch. My suggestion is to leave the definition of "responsible disclosure" up to the courts. That's what judges are good at....

Legal disassembly 2005-08-23
Coujou
In France, such research has been prohibited for a few months unless you have a "legitimate reason" to look for vulnerabilities. Of course, the notion of "legitimate reason" is hard to define and it is the judge's duty to decide if you were acting badly.

This means that if you find a vulnerability that ...

Legal disassembly 2005-08-24
Anonymous
"Responsible" is in the eye of the beholder. "Timely" is in the eye of the beholder. The public good is served by an overarching freedom in the ability to research new technology, not in a self-censorship regime imposed by software companies.
...

Legal disassembly 2005-08-25
Anonymous
The bad guys do it. Why shouldn't the grey hats and white hats also....

Legal disassembly 2005-08-25
Anonymous
"And if we could all agree on something like this, what would we need lawyers for?"
The vendors won't agree, because they are weasels, or because they are controlled by their lawyers, who are weasels....

Legal disassembly 2005-08-30
Alexey Vesnin
Lynn was right and he'd touched one of the most vulnerable places in the big corporations' strategy - he disclosed the code. The one they've been hiding all the time. But they hide a source only for one reason - they're afraid to show that all the things they're doing is chargin' us and nothing mor...

Legal disassembly 2005-11-22
squeak
When you buy a car, you're not prevented from opening the hood and taking out the engine. You're not even prevented from taking apart the engine.

Similarly, you're not prevented from analyzing each letter when you buy a book. Just as they're standardized components of words, so too are opcodes ...

Copyright 2009, SecurityFocus