Open Source and information security mailing list archives
 
From: dufresne at winternet.com (Ron DuFresne)
Subject: Re: Cisco's stolen code

	[SNIP]

>
> I see you are in the "Don't touch it!  It's stolen!" camp.  No worries.  We've got different opinions on the matter.  However, I still don't see how _not_ looking at source code does the community a favor.  Note, I am not condoning the theft, or the intrusion that acquired it.  However, there are legitimate ways to see the code that don't involve theft or other illegal acts.
>
> Staying completely hands off would certainly benefit the company (any company really) whose code's been leaked, but it won't encourage them to fix the holes that exist.  If only the bad guys are looking at it, then the first sign of trouble will be an exploit in the wild.  One that could possibly have been prevented by the good guys taking a look at the code.
>
> Your argument that having embarrassing code leaked will encourage them to fix the problem doesn't follow.  If "Good Guys (r)" aren't looking at the code, no one's going to tell the company "Guys, this is a Bad Thing (tm)", so they never get embarrassed - at least until the exploits come out, when it will be too late.
>

	[BIGGER SNIPPAGE]

I'm trying to understand how obtaining and using stolen code, for any
reason, is different than acquiring stolen property in any other context.
If you know the property was obtained illegally, that would make you an
accessory after the fact, would it not?


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

