lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4033F7CC.7060805@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: InfoSec sleuths beware, Microsoft's attorneys
 may be knocking at your door

Cael Abal wrote:

> | There are clear, admitted cases of reverse engineering by vulnerabiity
> | researchers, which are prohibited by EULA, and which MS has so far
> | declined to pursue.  Why should this be different?  MS afraid the EULA
> | restrictions wouldn't hold up?
> 
> Unless the individual who downloaded the leaked source clicked an 'I
> agree not to do anything naughty with this source' button, EULAs have
> nothing to do with this particular issue.  

The "EULA" reference is in regards to reverse engineering, as shown in 
the bit of text you have quoted.  No one is trying to claim that there 
is a EULA on the stolen source.  I have to wonder if you are being 
intentionally obtuse in trying to make it look like that is what is 
being discussed.

The point is, in case you really did miss it, is that Microsoft already 
has a basis for going after the vulnerability researchers if they choose 
to.  All the exploit writers I know have a habit of disassembling MS 
binaries that explicity forbid that in the EULA.  Therefore, I doubt 
that they will go after vuln researchers who use the source code 
instead/in addition to reverse engineering.

The original poster made a decent case that perhaps MS has a stronger 
legal stance with regard to the source, so maybe I'm wrong.

						BB


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ