lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3D375711.3020903@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: Symantec Buys SecurityFocus, among others....

Jay D. Dyson wrote:
> 	The idea cannot be copyrighted[1], but the code (which includes
> the exploit methodology) can be copyrighted with all the cursory terms
> and conditions for use.

You can't copyright an algorithm, only an implementation.  You need a 
patent to protect an algorithm.  Good luck patenting buffer overflows.

>>You can decline to let someone mirror your exploit or advisory verbatim,
>>but there's nothing you can do to keep someone from reporting about a
>>vulnerability. 
> 	Sure you can...especially under the auspices of the DMCA.  Hell,
> when you get down to it, all we need is one wild-eyed lawyer[2] on our
> side who'll toss a flurry of lawsuits and we'll pretty much have the
> corporate security firms by the short-and-curlies.

You think you can stop a news agency from reporting that there is a 
vulnerability in product X, that works like Y and Z?  I think you'll find 
you're mistaken.  I'd love to see it play out, though.

> 1.  Ideas, names and phrases can be trademarked, however.

Not ideas.  Names, yes.. but that just means someone has to call their 
version of the exploit something different.  And trademarks are expensive 
to obtain and defend.

> 
> 2.  Maybe one with experience via the Church of Scientology, or the one
>     who brought us McDonald's coffee cups that now read "Allow to cool
>     before applying to genitals"...

Many people can be intimidated with a lawsuit.  Seems like the groups in 
particular you are concerned about aren't the ones to try threatening with 
lawyers, though.

							BB

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ