lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040525212655.28603.qmail@web50006.mail.yahoo.com> From: vxdude2003 at yahoo.com (VX Dude) Subject: Cisco's stolen code --- madsaxon <madsaxon@...ecway.com> wrote: > At 10:45 AM 5/25/2004 -0700, Harlan Carvey wrote: > > >Valdis, > > > >I sincerely hope that you do not presume to speak > for > >everyone... > > He's not offering an opinion, merely stating a fact: > if whitehats are security researchers who don't > break the law, then they don't audit code the > possession of which is illegal. The only > debatable point here is the definition of > "whitehat," > but that's really just a matter of semantics. > This code is the proprietary property of Cisco. > Anyone who knowingly examines it or even possesses > it without Cisco's permission is in violation of > the law in most countries, and therefore not, > by definition, acting as a "whitehat." > > m5x > > _______________________________________________ > Full-Disclosure - We're afriad to back it up Which law? Does this mean whitehats will start recognizing EULAs pertaining to proprietary property? True it may not be source, but its still property! Are whitehats going to limit themselves to just sourceforge projects (hell iDefense already does)? White hats are starting to sound as holy as the Knights Templar, and they also seem to picking up the Templar's ethics of attacking in the "grey areas" of the law. I agree that whitehats should only audit and/or "find" security holes in software in which they are invited or allowed to do so. But isnt the whole point of the word full in full-disclosure to expose flaws that the owners of the property dont want known. Sounds like a greyhat/blackhat mailing list to me. Challenging the corporations and not the law doesnt make you a whitehat, it just makes you weak. __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
Powered by blists - more mailing lists