Open Source and information security mailing list archives
 
Message-ID: <E924F679D556A345B865717377DCDFC4036F04C6@ROKEMAIL.staff.ad.cqu.edu.au>
From: b.griffin at cqu.edu.au (Brad Griffin)
Subject: Cisco's stolen code

 Don't reply to me, I'm on the bloody list...

> -----Original Message-----
> From: Seth Alan Woolley [mailto:seth@...tology.org] 
> Sent: Thursday, May 27, 2004 3:10 PM
> To: Brad Griffin
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Cisco's stolen code
> 
> On Thu, May 27, 2004 at 08:41:27AM +1000, Brad Griffin wrote:
> > Now that this code is stolen, anyone who has a copy of that code is a
> > suspected thief until such time as they show that they did not steal
> > it, or that they are not an accomplice or have not received stolen
> > property. Holders of the code must (if necessary) show that they are
> > holding the code legitimately.
> 
> Innocent until proven guilty is a foreign concept to you?

Absolutely. You tell me where that 'concept' is actually practiced.
Certainly not in your country or mine if you believe the stories and
have ever been interrogated (yes, I have).

> 
> What's this meaningless "must (if necessary)" banter mean?  You were
> accusing me of being the lawyer, remember?

If they are required by a direction of a police person or judge, they
will have to prove where they obtained the code from and that the source
was legally allowed to provide that code.

> 
> > Copyright has three parts of stuff all to do with stealing property and
> > does *not* apply here (not where I come from at least).
> 
> Words are not property.  I refer:
> 
> http://www.gnu.org/philosophy/words-to-avoid.html#TOCIntellectualProperty

What has the GNU philosophy got to do with stealing the property (code
is private property) of Cisco? Jeez mate, I could put up a page myself
and refer you to that explaining why words ARE property (no offense to
the good GNUs out there [pun not intentional]). However, source code
itself may be 'words', but not in the context you would like them to be.
Source code that is deliberately *not* provided to everyone (for money
or otherwise) is not 'words' and does not fall under any 'fair use' or
other copyright agreement.  


> 
> Citizens have a "right" to employment under the Full Employment Acts of
> 1964, 1978, etc. in the US, too.  There's a lot of stolen property in
> that case, under Greenspan's desk.
> 
> > That's called Receiving Stolen Property.
> 
> No, it is not.  Nobody ever took their temporary, state-enforced
> monopoly right to control duplication by receiving a copy of something
> after it has been duplicated already.  Somebody else received that
> right.  I already posted the USC on the subject.  The court can mandate
> that the code from a particular infringement be destroyed, and that's
> the extent of it.

I'm sorry, but what? Johnny hacker A steals Cisco code. He provides that
code (or a copy, doesn't matter a phuk here) to Johnny Hacker B. Johnny
hacker B can be charged with receiving stolen property. Check your law
books.


> 
> I pity all the purchasers of MS-DOS 6.0 and 6.2.  The stolen "rights" from
> Stac Electronics should brand them all pirates!

As far as I am aware, Microsoft didn't steal the code from Stac.
Microsoft was infringing a patent I believe and the patent related to
using Stac's compression program in DOS. I understand that case was
sorted out and therefore wouldn't apply here in the way you describe it.

Cheers,
Brad

> 
> Personally, I wouldn't touch the CISCO code with one of those
> aforementioned ten foot barge poles.  However, auditors, if they so
> choose and plan how they receive the code well, can hold themselves
> harmless under US law for disclosing security flaws.  Tough break for
> CISCO, and that ends up being a security implication: combine Kerckhoffs
> Principle with the poorer security of security by obscurity, and soon
> there shall be a fallout from the forthcoming flaws auditors are sure to
> find.  The beauty of it all is that CISCO can't do a damned thing about
> it, despite the wishes of WIPO.
> 
> -- 
> Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
> Key id EF10E21A = 36AD 8A92 8499 8439 E6A8  3724 D437 AF5D EF10 E21A
> http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10E21A
> Security Team Leader Source Mage GNU/Linux http://www.sourcemage.org
> 

