lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 12 Nov 2003 19:02:13 -0800 (PST)
From: Anatoly Volynets <>
To: Luigi Auriemma <>
Subject: Re:Gamespy uses DMCA to destroy bug research and
	full l disclosure

I wonder, if Gamespy has ignored known security bugs, is a class action
suit on behalf of their customers possible?

On Wed, 12 Nov 2003, Luigi Auriemma wrote:

> Just today (12 Nov 2003) opening my mailbox I have found a mail of about 1
> megabyte and half and fortunally for the sender I don't use filters.
> The mail has been sent by the Gamespy's lawyers asking me to remove my bug
> research stuff from my site.
> The stuff is composed by my proof-of-concepts and advisories written to test
> and explain the bugs in the Gamespy's products found and signaled to them a
> lot of months ago and completely ignored by Gamespy.
> All my advisories were released to the most known and pubblic security
> mailing-lists in the past so everyone can see all the release dates of them
> and how Gamespy manages the bugs in its products... the best example is just
> a remote buffer-overflow found and signaled to Gamespy at the end of May
> 2003 and still existent in the actual version of the program RogerWilco.
> The other incredible thing is that the lawyers have included in the list of
> "stuff to remove" also a simple program that is not a proof-of-concept or an
> advisory and moreover is not directly related to Gamespy... really comic...
> Continuing to read the mail (a pdf file) can be found a lot of senseless
> affirmations, some reported below:
> - "you have committed numerous violations of state and federal law by
> illegally accessing Gamespy servers and by creating, marketing, and
> distributing software which circumvents the encryption mechanism that
> protects access to Gamespy's servers"... are we talking about security
> bugs??? what I market???
> - they say my proof-of-concepts "purport to permit to circumvent the
> encryption protection of Gamespy's proprietary software, including GameSpy
> 3D and Roger Wilco, to obtain access to computer servers owned and operated
> by GameSpy, or in some cases to cause those servers to crash"... I'm very
> interested about what of my proof-of-concepts "circumemvent the encryption
> protection of Gamespy". The bugs I have found are in the Gamespy's products
> NOT in the Gamespy's servers.
> - but the most comic affirmation is "In contrast to simply advising GameSpy
> of these vulnerabilities, by publishing this software to the world at large
> you are clearly facilitating the intentional crashing of GameSpy's server by
> others"... I have tried to contact Gamespy EVERYTIME I have found a new bug
> for MULTIPLE times but they have EVER ignored my signalations or, as
> happened for the first bug in RogerWilco, they have simply "feigned" to
> patch the bugs so insulting me and my research (who has read my
> wilco-remix-adv.txt knows all the shameful story).
> So the "common time delay" to release advisories (a week or sometimes a
> month from the signalation of the bug without receiving replies) was FULLY
> respected in all the occasions.
> The last part of the mail/pdf talks about various DMCA's violations, US's
> laws and moreover "crime"!
> Bug research is a crime and bug researchers are criminals, didn't you know
> that?
> Is really shameful to see a company spending money for useless lawyers
> instead to quickly patch their incredibly bugged products and moreover to
> support who do bug research... what Gamespy wants is to destroy the full
> disclosure and the free information encouraging the underground scene.
> I think is not good for the Gamespy's users to know that the main goal of
> Gamespy is just to protect itself instead to protect its users and clients.
> That's the situation...
> --- 
> Luigi Auriemma
> _______________________________________________
> ------------------------
> ------------------------
> DMCA_Discuss mailing list

Anatoly Volynets

Powered by blists - more mailing lists