Message-ID: <1085507561.2748.147.camel@tumbleweed05>
From: btoovey at igxglobal.com (Brian Toovey)
Subject: Cisco's stolen code



> 
> Well, let's face the simple facts. Cisco's code is copyrighted and it's
> illegal to copy it, distribute it or even use it. There's no way around
> it. Whatever your intentions are the Cisco code is legally off-limits.


I agree, partially


> 
> This may stink and it may hinder security audits but if Cisco wanted you
> or anybody else to audit their code they would have licensed it to you.


No, they wouldn't have - but let's continue


> 
> Since they didn't, this leaves you in a very shitty position if you
> touch their code. You may be able to find security flaws but you have
> broken laws to do so. Period.


I don't agree.  Period.


> 
> For me, breaking laws is NOT acceptable under ANY circumstance. I hope
> the majority of people on this list is with me on this. If this list
> evolves into a meeting place where copyrighted code is "negotiated" and
> its distribution organised then our goal of full disclosure of security
> flaws in IT is not met. You can't improve security by breaking laws.
> This renders this list and everybody posting here untrustworthy.


First of all, I never discussed negotiating the code. So where you go with
that I don't know.
Second, I know you probably break laws every day.  Tell me for instance
you never speed in a car.
The fact is almost every software license does not allow for any use of
software that is not in line with its intended use.  It is technically
illegal to audit any closed source product for vulnerabilities, with or
without code.  So anyone who posts a vulnerability against a
closed-source product is under question, under your presumption of
lawful obedience.
Third, if I want to look at this code, all I have to do is not make a
copy of it.  As long as you don't copy the code, guess what?  You didn't
break copyright!

> 
> If you want to audit code then stick to the code that is released under
> licenses that allow public code auditing. Don't even think to look at
> code that hasn't been released under an open license. Maybe this will
> motivate more vendors to license their products under an Open Source
> license.
> 

I suggest learning more about software licenses and not flaming anyone
you see fit.  You obviously have some interest in Cisco.  Leave this
interest out of a security discussion.

I love open-source products - but your logic that this will motivate
more vendors to license their products under open-source - oh why bother
with this.....

> regards,
> Tobias W.


regards,
Brian