Re: Cisco IOS Exploit Cover Up

From: James Baldwin (no email)
Date: Thu Jul 28 2005 - 13:36:01 EDT

  • Next message: Mark Owen: "Re: Cisco cover up"

    On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:

    > While I do think it's obnoxious to try to
    > censor someone, on the other hand if they have proprietary internal
    > information somehow that they aren't supposed to have to begin
    > with, I don't
    > think it is in security's best interested to commit a crime in
    > order to get
    > tighter security.
    >

    Lynn developed this information based on publicly available IOS
    images. There were no illegal acts committed in gaining this
    information nor was any proprietary information provided for its
    development. Reverse engineering, specifically for security testing
    has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/
    DVD/1201.html).

    That being said, what information is he not supposed to have? All the
    information he had is available to anyone with a disassembler, an IOS
    image, and an understanding of PPC assembly.

    If anything, the only "crime" he may or may not have committed is
    violation of an NDA with ISS, which should a contractual, civil issue
    not a criminal one.


  • Next message: Mark Owen: "Re: Cisco cover up"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD