North American Network Operators Group
Re: Cisco IOS Exploit Cover Up
On Thu, Jul 28, 2005 at 01:36:01PM -0400, James Baldwin wrote:
> On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
> > While I do think it's obnoxious to try to censor someone, on the
> > other hand if they have proprietary internal information somehow
> > that they aren't supposed to have to begin with, I don't think it
> > is in security's best interest to commit a crime in order to get
> > tighter security.
>
> Lynn developed this information based on publicly available IOS
> images. There were no illegal acts committed in gaining this
> information nor was any proprietary information provided for its
> development. Reverse engineering, specifically for security testing
> has an exemption from the DMCA
> (http://cyber.law.harvard.edu/openlaw/DVD/1201.html).
>
> That being said, what information is he not supposed to have? All the
> information he had is available to anyone with a disassembler, an IOS
> image, and an understanding of PPC assembly.
>
> If anything, the only "crime" he may or may not have committed is
> violation of an NDA with ISS, which should be a contractual, civil
> issue not a criminal one.

I think that's why it was a restraining order and not damages in the
amounts of billions, but IANAL. Same way people were asked to not
disclose who the half-blooded prince was. I'm not saying it's right,
but that's up for the judge(s) involved to decide.

As far as Cisco goes, I know it takes them some time to fix bugs, but
generally speaking they need to "fix them faster". But this can be
said for most vendors.

- jared

--
Jared Mauch | pgp key available via finger from [email protected]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.