North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco IOS Exploit Cover Up

  • From: James Baldwin
  • Date: Thu Jul 28 13:42:50 2005 
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
While I do think it's obnoxious to try to
censor someone, on the other hand if they have proprietary internal
information somehow that they aren't supposed to have to begin with, I don't
think it is in security's best interested to commit a crime in order to get
tighter security.

Lynn developed this information based on publicly available IOS images. There were no illegal acts committed in gaining this information nor was any proprietary information provided for its development. Reverse engineering, specifically for security testing has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/ DVD/1201.html).

That being said, what information is he not supposed to have? All the information he had is available to anyone with a disassembler, an IOS image, and an understanding of PPC assembly.

If anything, the only "crime" he may or may not have committed is violation of an NDA with ISS, which should a contractual, civil issue not a criminal one.