lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 12 Nov 2003 19:02:13 -0800 (PST)
From: Anatoly Volynets <av@...al-knowledge.com>
To: Luigi Auriemma <aluigi@...ervista.org>
Cc: dmca_discuss@...ts.microshaft.org, list@...ield.org,
	bugtraq@...urityfocus.com, dmca-activists@....org, eff@....org
Subject: Re:Gamespy uses DMCA to destroy bug research and
	full l disclosure



I wonder, if Gamespy has ignored known security bugs, is a class action
suit on behalf of their customers possible?

On Wed, 12 Nov 2003, Luigi Auriemma wrote:

> 
> Just today (12 Nov 2003) opening my mailbox I have found a mail of about 1
> megabyte and half and fortunally for the sender I don't use filters.
> 
> The mail has been sent by the Gamespy's lawyers asking me to remove my bug
> research stuff from my site.
> 
> The stuff is composed by my proof-of-concepts and advisories written to test
> and explain the bugs in the Gamespy's products found and signaled to them a
> lot of months ago and completely ignored by Gamespy.
> All my advisories were released to the most known and pubblic security
> mailing-lists in the past so everyone can see all the release dates of them
> and how Gamespy manages the bugs in its products... the best example is just
> a remote buffer-overflow found and signaled to Gamespy at the end of May
> 2003 and still existent in the actual version of the program RogerWilco.
> 
> The other incredible thing is that the lawyers have included in the list of
> "stuff to remove" also a simple program that is not a proof-of-concept or an
> advisory and moreover is not directly related to Gamespy... really comic...
> 
> Continuing to read the mail (a pdf file) can be found a lot of senseless
> affirmations, some reported below:
> 
> - "you have committed numerous violations of state and federal law by
> illegally accessing Gamespy servers and by creating, marketing, and
> distributing software which circumvents the encryption mechanism that
> protects access to Gamespy's servers"... are we talking about security
> bugs??? what I market???
> 
> - they say my proof-of-concepts "purport to permit to circumvent the
> encryption protection of Gamespy's proprietary software, including GameSpy
> 3D and Roger Wilco, to obtain access to computer servers owned and operated
> by GameSpy, or in some cases to cause those servers to crash"... I'm very
> interested about what of my proof-of-concepts "circumemvent the encryption
> protection of Gamespy". The bugs I have found are in the Gamespy's products
> NOT in the Gamespy's servers.
> 
> - but the most comic affirmation is "In contrast to simply advising GameSpy
> of these vulnerabilities, by publishing this software to the world at large
> you are clearly facilitating the intentional crashing of GameSpy's server by
> others"... I have tried to contact Gamespy EVERYTIME I have found a new bug
> for MULTIPLE times but they have EVER ignored my signalations or, as
> happened for the first bug in RogerWilco, they have simply "feigned" to
> patch the bugs so insulting me and my research (who has read my
> wilco-remix-adv.txt knows all the shameful story).
> So the "common time delay" to release advisories (a week or sometimes a
> month from the signalation of the bug without receiving replies) was FULLY
> respected in all the occasions.
> 
> The last part of the mail/pdf talks about various DMCA's violations, US's
> laws and moreover "crime"!
> 
> Bug research is a crime and bug researchers are criminals, didn't you know
> that?
> 
> Is really shameful to see a company spending money for useless lawyers
> instead to quickly patch their incredibly bugged products and moreover to
> support who do bug research... what Gamespy wants is to destroy the full
> disclosure and the free information encouraging the underground scene.
> 
> I think is not good for the Gamespy's users to know that the main goal of
> Gamespy is just to protect itself instead to protect its users and clients.
> 
> That's the situation...
> 
> 
> BYEZ
> 
> 
> 
> --- 
> Luigi Auriemma
> http://aluigi.altervista.org
> 
> 
> _______________________________________________
> 
> 
> ------------------------
> http://www.anti-dmca.org
> ------------------------
> 
> DMCA_Discuss mailing list
> DMCA_Discuss@...ts.microshaft.org
> http://lists.microshaft.org/mailman/listinfo/dmca_discuss
> 

Anatoly Volynets
http://www.total-knowledge.com
http://www.culturedialogue.org

Powered by blists - more mailing lists