lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: vxdude2003 at yahoo.com (VX Dude)
Subject: Cisco's stolen code

--- madsaxon <madsaxon@...ecway.com> wrote:
> At 10:45 AM 5/25/2004 -0700, Harlan Carvey wrote:
> 
> >Valdis,
> >
> >I sincerely hope that you do not presume to speak
> for
> >everyone...
> 
> He's not offering an opinion, merely stating a fact:
> if whitehats are security researchers who don't
> break the law, then they don't audit code the
> possession of which is illegal.  The only
> debatable point here is the definition of
> "whitehat,"
> but that's really just a matter of semantics.
> This code is the proprietary property of Cisco.
> Anyone who knowingly examines it or even possesses
> it without Cisco's permission is in violation of
> the law in most countries, and therefore not,
> by definition, acting as a "whitehat."
> 
> m5x
> 
> _______________________________________________
> Full-Disclosure - We're afriad to back it up

Which law?  Does this mean whitehats will start
recognizing EULAs pertaining to proprietary property?
True it may not be source, but its still property!
Are whitehats going to limit themselves to just
sourceforge projects (hell iDefense already does)?

White hats are starting to sound as holy as the
Knights Templar, and they also seem to picking up the
Templar's ethics of attacking in the "grey areas" of
the law.

I agree that whitehats should only audit and/or "find"
security holes in software in which they are invited
or allowed to do so.  But isnt the whole point of the
word full in full-disclosure to expose flaws that the
owners of the property dont want known.  Sounds like a
greyhat/blackhat mailing list to me.

Challenging the corporations and not the law doesnt
make you a whitehat, it just makes you weak.


	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ