On Thu, Jul 28, 2005 at 01:36:01PM -0400, James Baldwin wrote:
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
While I do think it's obnoxious to try to censor someone, on the other hand if they have proprietary internal information somehow that they aren't supposed to have to begin with, I don't think it is in security's best interested to commit a crime in order to get tighter security.
Lynn developed this information based on publicly available IOS images. There were no illegal acts committed in gaining this information nor was any proprietary information provided for its development. Reverse engineering, specifically for security testing has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/ DVD/1201.html).
That being said, what information is he not supposed to have? All the information he had is available to anyone with a disassembler, an IOS image, and an understanding of PPC assembly.
If anything, the only "crime" he may or may not have committed is violation of an NDA with ISS, which should a contractual, civil issue not a criminal one.
I think that's why it was a restraining order and not damanges in the amounts of billions, but IANAL. Same way people were asked to not disclose who the half-blooded prince was. I'm not saying it's right, but that's up for the judge(s) involved to decide. As far as Cisco goes, I know it takes them some time to fix bugs, but generally speaking they need to "fix them faster". But this can be said for most vendors. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.