| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Nov 2003 19:02:13 -0800 (PST) From: Anatoly Volynets <av@...al-knowledge.com> To: Luigi Auriemma <aluigi@...ervista.org> Cc: dmca_discuss@...ts.microshaft.org, list@...ield.org, bugtraq@...urityfocus.com, dmca-activists@....org, eff@....org Subject: Re:Gamespy uses DMCA to destroy bug research and full l disclosure I wonder, if Gamespy has ignored known security bugs, is a class action suit on behalf of their customers possible? On Wed, 12 Nov 2003, Luigi Auriemma wrote: > > Just today (12 Nov 2003) opening my mailbox I have found a mail of about 1 > megabyte and half and fortunally for the sender I don't use filters. > > The mail has been sent by the Gamespy's lawyers asking me to remove my bug > research stuff from my site. > > The stuff is composed by my proof-of-concepts and advisories written to test > and explain the bugs in the Gamespy's products found and signaled to them a > lot of months ago and completely ignored by Gamespy. > All my advisories were released to the most known and pubblic security > mailing-lists in the past so everyone can see all the release dates of them > and how Gamespy manages the bugs in its products... the best example is just > a remote buffer-overflow found and signaled to Gamespy at the end of May > 2003 and still existent in the actual version of the program RogerWilco. > > The other incredible thing is that the lawyers have included in the list of > "stuff to remove" also a simple program that is not a proof-of-concept or an > advisory and moreover is not directly related to Gamespy... really comic... > > Continuing to read the mail (a pdf file) can be found a lot of senseless > affirmations, some reported below: > > - "you have committed numerous violations of state and federal law by > illegally accessing Gamespy servers and by creating, marketing, and > distributing software which circumvents the encryption mechanism that > protects access to Gamespy's servers"... are we talking about security > bugs??? what I market??? > > - they say my proof-of-concepts "purport to permit to circumvent the > encryption protection of Gamespy's proprietary software, including GameSpy > 3D and Roger Wilco, to obtain access to computer servers owned and operated > by GameSpy, or in some cases to cause those servers to crash"... I'm very > interested about what of my proof-of-concepts "circumemvent the encryption > protection of Gamespy". The bugs I have found are in the Gamespy's products > NOT in the Gamespy's servers. > > - but the most comic affirmation is "In contrast to simply advising GameSpy > of these vulnerabilities, by publishing this software to the world at large > you are clearly facilitating the intentional crashing of GameSpy's server by > others"... I have tried to contact Gamespy EVERYTIME I have found a new bug > for MULTIPLE times but they have EVER ignored my signalations or, as > happened for the first bug in RogerWilco, they have simply "feigned" to > patch the bugs so insulting me and my research (who has read my > wilco-remix-adv.txt knows all the shameful story). > So the "common time delay" to release advisories (a week or sometimes a > month from the signalation of the bug without receiving replies) was FULLY > respected in all the occasions. > > The last part of the mail/pdf talks about various DMCA's violations, US's > laws and moreover "crime"! > > Bug research is a crime and bug researchers are criminals, didn't you know > that? > > Is really shameful to see a company spending money for useless lawyers > instead to quickly patch their incredibly bugged products and moreover to > support who do bug research... what Gamespy wants is to destroy the full > disclosure and the free information encouraging the underground scene. > > I think is not good for the Gamespy's users to know that the main goal of > Gamespy is just to protect itself instead to protect its users and clients. > > That's the situation... > > > BYEZ > > > > --- > Luigi Auriemma > http://aluigi.altervista.org > > > _______________________________________________ > > > ------------------------ > http://www.anti-dmca.org > ------------------------ > > DMCA_Discuss mailing list > DMCA_Discuss@...ts.microshaft.org > http://lists.microshaft.org/mailman/listinfo/dmca_discuss > Anatoly Volynets http://www.total-knowledge.com http://www.culturedialogue.org
Powered by blists - more mailing lists