From: Eric.Nelson at viacore.net (Eric Nelson)
Subject: Symantec Buys SecurityFocus, among others....

What about publishing and copyrighting the exploit?   It's more legal
ammo to go after whoever uses it for malicious purposes.

Of course this doesn't *stop* the use of the exploit (discourages
perhaps?), it just increases the penalties when one gets caught using
it.


-Eric


On Thu, 18 Jul 2002, Blue Boar wrote: 

> > Perhaps the best way to beat these cash hounds at their own game
> > is to start using a strictly not-for-profit licensing on all released
> > advisories and proof-of-concept code which stipulates that for-profit
> > companies may not use said information in any way.
> 
> Interesting concept.  How do you propose to copyright an idea?

	The idea cannot be copyrighted[1], but the code (which includes
the exploit methodology) can be copyrighted with all the cursory terms
and conditions for use.


> You can decline to let someone mirror your exploit or advisory verbatim,
> but there's nothing you can do to keep someone from reporting about a
> vulnerability.

	Sure you can...especially under the auspices of the DMCA.  Hell,
when you get down to it, all we need is one wild-eyed lawyer[2] on our
side who'll toss a flurry of lawsuits and we'll pretty much have the
corporate security firms by the short-and-curlies.

	All kidding aside, I like the notion of encrypting the data and
putting stipulations on the decryption.  Seems rather like poetic justice
to me.  Call it the Sklyarov cipher...

-Jay

1.  Ideas, names and phrases can be trademarked, however.

2.  Maybe one with experience via the Church of Scientology, or the one
    who brought us McDonald's coffee cups that now read "Allow to cool
    before applying to genitals"...

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@...achery.net ------<) |    = |-'
 `--' `--'  `-- I'll be diplomatic...when I run out of ammo. --'  `------'
