Quoth the article:

> "The listing was immediately reviewed and pulled from the site for violating our policy against

promoting illegal activity--hacking," England said in an e-mail to SecurityFocus.

So `illegal´ means here ``whatever MS doesn't like´´, right? What puts me off is that even your article doesn't question that position.

Look: a bread knife can be put to good as well as to bad uses. Still, the bread knife isn't illegal /per se/. Killing someone with it is, of course.

Knowledge about flaws is all the same. You nay use this knowledge to avoid security holes, to fix the product or (GASP!) to avoid the product altogether. Is that illegal?

I reiterate: the article quotes the original statements without giving them due critique, thus subliminally spreading the same FUD.

> "In general, research can be sold as a product. However, if the research were to violate the law or intellectual property rights then it would not be allowed."

Argh. Again a quote-of-a-quote, but the original person doesn't seem to know what she's talking about: ``law or intellectual property blah blah´´. Are they now different or what? Is a security flaw in a product of MS ``MS's intellectual property´´? (if so, now I see why they are so inmeasurably rich).

> The online auction company "prohibits the sale of items or links to items that encourage, promote, facilitate or instruct others to engage in illegal activity," according to its stated policy.

See above. Has anyone hard evidence supporting the statement that knowledge about a product's security flaws "encourage, promote, facilitate or instruct others to engage in illegal activity"? I mean -- more than a bread knife or a baseball bat?

regards

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11363/32859#32859