North American Network Operators Group

Re: Cisco IOS Exploit Cover Up

  • From: Leo Bicknell
  • Date: Thu Jul 28 11:21:15 2005

In a message written on Thu, Jul 28, 2005 at 10:14:42AM -0400, Scott Morris wrote:
> And yet, look how much havoc was created there.  It's always the "potential"
> stuff that scares people more.  While I do think it's obnoxious to try to
> censor someone, on the other hand if they have proprietary internal
> information somehow that they aren't supposed to have to begin with, I don't
> think it is in security's best interest to commit a crime in order to get
> tighter security.

We don't have all the details, so I don't know what he's accused
of doing which is illegal, however, from
http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm I
quote:

] The filing in US District Court for the Northern District of California
] asks the court to prevent Lynn and Black Hat from "further disclosing
] proprietary information belonging to Cisco and ISS," said John Noh, a
] Cisco spokesman.
] 
] "It is our belief that the information that Lynn presented at Black Hat
] this morning is information that was illegally obtained and violated our
] intellectual-property rights," Noh added.
] 
] Lynn decompiled Cisco's software for his research and by doing so
] violated the company's rights, Noh said.

I am not a lawyer, and so under the current DMCA and other laws it
may well be illegal to "decompile" code.

That said, it sounds rather like the technical equivalent to Ralph
Nader "disassembling" the Corvair to prove the suspension design
was flawed.  GM sure didn't like that any more than Cisco likes
this incident.

I don't know when we decided a program should be a black box welded
shut kept from all prying eyes, and that anyone who could run a
decompiler was instantly a criminal.  It probably all came about
from the crazy decision that software should be licensed, not sold.
We'd be in a world of hurt if anyone who figured out how to put a
lift kit on his pickup was sued by Ford for "disassembling" the
truck and figuring out their "proprietary internal designs".  Why
is software special?

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
