lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <42EF86CE.4090908@sdf.lonestar.org>
Date: Tue Aug  2 15:44:44 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Cisco IOS Shellcode Presentation

Michael Holstein wrote:

>  
> You bet! .. as it pertains to anything past their demarc at their 
> properties, they're entirely free to log and review every packet that 
> comes/goes.
>
> That means they can legally review your IM chats, go back and read 
> your email from a month ago, whatever ...
>
> The legal precedent for this is essentially "He who onws the network, 
> owns the data" (with respect to an employee/employeer relationship). 
> It's a bit different for commercial ISPs.
>

(Disclaimer: I'm not a lawyer....)

Actually, it's even a bit more complicated than that.  Technically, you 
could copyright every e-mail sent to this list.  As long as you state 
that it is copyright to your legal name, it is, in fact, copyrighted.  
Of course, in the case that you send that e-mail to a public mailing 
list that you know is archived, it can clearly be argued that your work 
was intended to be distributed with license implied for all.  However, 
that doesn't remove ownership and limited monopoly.

It's not just that they're commercial ISPs versus private networks... 
what also matters is who's writing the material and what function 
they're serving when they write that material.  If you're working at XYZ 
Corp and you send out an e-mail, depending on your business arangement 
that e-mail is probably copyrighted to XYZ Corp by default since you're 
acting as an agent of XYZ Corp. 

What makes it possible for us to examine any data which comes in contact 
with our networks is, essentially, fair use.  If someone transmits a 
copy of MS Windows XP across my network, do I own the packets that make 
it up?  Of course not... if that were true it would be possible to 
circumvent every copyright out there.  However, since that data was 
transmitted across my network, it's fair use for me to analyze it as it 
resides on my property.  This is particularly true if transmission was 
not instigated by the one doing the monitoring.

Sure, the company may own the databases that any packet captures may be 
on... but the content in those packet captures may still carry copyright 
requirements with it, depending on what it is and how constructable the 
data is.  Non-solicited transfer may be considered providing a limited 
license...

What happens in the event that mass numbers of copyrighted data 
including packets get misrouted?  I have no idea. :)

In either case, boiler plate restriction statements on e-mail sent to 
mailing lists is silly because it is almost definately unenforcable.

                -Barry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ