lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4033D3E4.6030000@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: InfoSec sleuths beware, Microsoft's attorneys
 may be knocking at your door

Bernie, CTA wrote:
> Could Microsoft's attorneys go after sleuths who are, have been 
> disclosing vulnerabilities in Microsoft's software and allege 
> that the individual had discovered the vulnerability because 
> they downloaded the code and examined it? Good tactic to impede 
> pen testing, security research, or disclosure of security 
> threats, which in the past have cast a ominous shadow on MS, is 
> it not?  
> 
> It may be wise for security sleuths to fully document their 
> vulnerability / exploit discovery process, when, how, what, why. 
> I'm sure Microsoft's attorneys will be serving production of 
> documents request upon a select group. Note that under US 
> Federal law, limited discovery to perpetuate testimony regarding 
> any matter can be performed before a lawsuit is actually filed.

There are clear, admitted cases of reverse engineering by vulnerabiity
researchers, which are prohibited by EULA, and which MS has so far
declined to pursue.  Why should this be different?  MS afraid the EULA
restrictions wouldn't hold up?

					BB

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ