Bugtraq mailing list archives
Re: telnetd exploit code
From: Aaron Silver <asilver () epoch net>
Date: Tue, 24 Jul 2001 17:22:06 -0400
There's a question begging to be asked here... First of all let me say that I don't know Sebastian or his motivations, so I am not infering anything here, simply that this brought up a point that is now itching my head a lot. If a hacker copyright's his code, and then releases it into the wild, what does that do for his rights under the copyright? To turn it upside down, I have a machine that has had some hacker code placed on it. I didn't authorize it to be placed on there... Am I to be denied investigating this code (and sharing it with others to help me investigate) because someone placed a copyright notice on the code. Normally the rights of the individual to swing his arms ends at the tip of another individual's nose. This issue can get a lot muddier, but I figured I'd start with a simple case. =) Aaron Silver aleph1 () securityfocus com wrote:
* Sebastian (scut () nb in-berlin de) [010724 09:38]:I do not know who let this posting through, but I think something went seriously wrong here. What do the mailing list administrators do here, letting a confidential source code with full copyright and confidentiality header intact through a public mailing list. The Bugtraq mailing list was especially noted as example even in the header, which should not be allowed to disclose this. Although a lot of Bugtraq readers might not agree with me here, I think there is a right under which I can deny the disclosure of this source code. Call it privacy, call it copyright, I do not care about its name.Sebastian is correct. It was an error to approve the message given he clearly stated in the comments he did not wish it distributed. For that I apologize. That being said, it been quite obvious that for a while now that this exploit is being shared in the underground and has been used actively to break into systems. Better control of exploits one does not wish to see distributed may be called for.Oh, and another odd thing, there is no X-Approved-By: this time in the post, I wonder why. Do you know ?The X-Approved-By header was inserted by LISTSERV. We been using ezmlm, which does not insert the header, for a while now.ciao, -scut-- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- telnetd exploit code cami (Jul 24)
- Re: telnetd exploit code Sebastian (Jul 24)
- Re: telnetd exploit code aleph1 (Jul 24)
- Re: telnetd exploit code Aaron Silver (Jul 24)
- Re[2]: telnetd exploit code dullien (Jul 24)
- Re: telnetd exploit code aleph1 (Jul 24)
- Re: telnetd exploit code Sebastian (Jul 24)
- Re: telnetd exploit code Josh Brandt (Jul 24)
- Re: telnetd exploit code (Tru64) Josh Brandt (Jul 25)
- <Possible follow-ups>
- RE: telnetd exploit code aleph1 (Jul 25)
- RE: telnetd exploit code Dylan Reeve (Jul 26)
- Re: telnetd exploit code Geoff Joy (Jul 26)
- RE: telnetd exploit code Kelly Martin (Jul 26)