Open Source and information security mailing list archives
From: Azerail at supersecretninjaskills.com (Azerail)
Subject: Symantec wants to criminalize security info sharing

On Thu, 11 Sep 2003, Jonathan Rickman wrote:

> On Thursday 11 September 2003 09:47, Richard M. Smith wrote:
> 
> > For example, if Symantec were to get this law passed, are they prepared
> > to see their employees who work on the Bugtraq email list go to jail?
> 
> Of course not. They'll just shut it down. They don't want to see 
> vulnerabilities discussed openly because that keeps them from being able 
> to charge for advisories. The fact that these services still exist is due 
> to their fear of community backlash, not corporate goodwill. Don't kid 
> yourself, there are plenty of others out there just like them who would 
> like nothing more than to make the so-called "security community" an 
> exclusive club open only to corporate types who see things their way. 
> Many of them are among us. Fortunately, in most cases the good they do 
> outweighs the ill will that they harbor. Eventually the thirst for more 
> revenue will push them over the edge, and I for one, believe that the 
> first one to step over that line will suffer such a backlash that the 
> others contemplating following them will go back to their corners and 
> sulk. If I had to bet on who the first will be, I would probably put my 
> money on Symantec. I don't have anything against them particularly, but I 
> think they are very close to the edge, as this quote indicates.
> 

What's interesting about that is a certain perception in the security
community of "us vs. them".  Mostly the corporate types who are merely
well-trained (if that), and no real knowledge of the working of what
was once the "computer underground".  I wonder if the law were to come
to pass, how many of the computer security professionals would resort
to the tactics of their enemy in order to gain the knowledge necessary
to protect their machines and networks.  

Will the days of anonymous proxies and IRC come again? Something
better?  I almost hope it does come to pass, as the community will
just adapt.  It's just an escalation of the game that was started long
ago.

Those of you who would seek to withhold and control would do well to
remember that.

It's interesting that Symantec would force people who would otherwise 
have been customers into criminals.

All in all, I agree, Symantec will probably force Bugtraq to either
censor or charge for security updates, and it very well could have
been the goal of them acquiring Bugtraq in the first place.  Security
information (and information in general) should remain in control of
the people, not the corps.  

Just my ramble.

Azerail

-- 
Being conquered lies within the enemy. Being unconquerable lies within oneself

