North American Network Operators Group


Re: Cisco IOS Exploit Cover Up

  • From: Jason Frisvold
  • Date: Thu Jul 28 14:37:09 2005

On 7/28/05, Leo Bicknell <[email protected]> wrote:
> I am not a lawyer, and so under the current DMCA and other laws it
> may well be illegal to "decompile" code.

I'm sure all the script kiddies and real hackers out there will be
sure to obey the law..  This is the bit of the DMCA I have a huge
issue with..  Hackers and others engaging in illegal activities will
have no trouble breaking the law and decompiling code looking for
exploits.  But, if a researcher does it, they get slapped with a
lawsuit..  The difference being, the researcher is (usually) doing it
to help identify problems and increase security..  There should be
some safe harbor here..
 
> That said, it sounds rather like the technical equivalent to Ralph
> Nader "disassembling" the Corvair to prove the suspension design
> was flawed.  GM sure didn't like that any more than Cisco likes
> this incident.

To prove a flaw..  This is a great example.  Nader wasn't stealing
technology, nor was he interested in exploiting the flaw..  He was
proving that it was unsafe, thus providing the vendor with vital
information on how it was flawed..  Hopefully the vendor takes that
information and fixes the flaw..

> I don't know when we decided a program should be a black box welded
> shut kept from all prying eyes, and that anyone who could run a
> decompiler was instantly a criminal.  It probably all came about
> from the crazy decision that software should be licensed, not sold.
> We'd be in a world of hurt if anyone who figured out how to put a
> lift kit on his pickup was sued by Ford for "disassembling" the
> truck and figuring out their "proprietary internal designs".  Why
> is software special?

Good point..  :)  What about my house?  Can I no longer modify my
kitchen at the whim of my wife because I didn't build the house,
someone else did?  I purchased the home, although it's still
mortgaged...  So that's even worse..  I don't even really own it..  :)
 Crap..  anyone know a good lawyer?  :)

> --
>        Leo Bicknell - [email protected]p.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
> Read TMBG List - [email protected], www.tmbg.org

-- 
Jason 'XenoPhage' Frisvold
[email protected]