Bugtraq mailing list archives
RE: telnetd exploit code
From: Kelly Martin <kellym () fb00 fb org>
Date: Thu, 26 Jul 2001 08:39:36 -0500
There is a doctrine known as "copyright misuse" which permits a court to refuse to enforce a copyright interest when that interest is being used (or enforcement of the right is sought) for an improper purpose. Copyright actions, for the most part, lie in equity and as such the court may apply equitable principles to deny relief when granting it would be unreasonable. I suspect that it would not be a hard sell to convince a court that enforcing a malicious software author's copyright interests in such software would be unreasonable and would amount to copyright misuse. Note also that in order to prosecute copyright infringement on a virus, the author would have to file a registration for that virus with the Copyright Office, which would then be admissible as evidence in a criminal prosecution against that author for computer tampering. In addition, the civil complaint that the author would have to file to initiate a copyright enforcement action would be admissible, as would the sworn affidavits which would necessarily be annexed to that complaint as exhibits. So, from a pratical standpoint, even if virus authors have a copyright interest in their viruses, they would be utter idiots to seek to enforce them. This would also apply to efforts to use the DMCA, as that also requires a sworn affidavit attesting to ownership of the intellectual property in question. The only caveat here would be a virus author who wrote a virus but never released it or who published it for "academic review" without a license to use (e.g. exploit code developed by testing labs). In this case, if you discovered her virus on your system, she would probably be willing to work with you in a joint prosecution against the virus releaser, as that individual has both infringed the virus author's copyright and committed computer tampering against your system, especially when you point out to her that if she fails to cooperate, you will name her as a joint defendant in conspiracy with the releasing individual on the charge of computer tampering. So, I wouldn't worry about copyright interests in viruses. It's questionable (in my mind) whether such interests are legally enforceable, and quite clear to me that they are not practically enforceable even if they are legally. The foregoing is not legal advice. For legal advice, consult a licensed attorney. Kelly
-----Original Message----- From: Aaron Silver [SMTP:asilver () epoch net] Sent: Tuesday, July 24, 2001 4:22 PM To: bugtraq () securityfocus com Subject: Re: telnetd exploit code There's a question begging to be asked here... First of all let me say that I don't know Sebastian or his motivations, so I am not infering anything here, simply that this brought up a point that is now itching my head a lot. If a hacker copyright's his code, and then releases it into the wild, what does that do for his rights under the copyright? To turn it upside down, I have a machine that has had some hacker code placed on it. I didn't authorize it to be placed on there... Am I to be denied investigating this code (and sharing it with others to help me investigate) because someone placed a copyright notice on the code. Normally the rights of the individual to swing his arms ends at the tip of another individual's nose. This issue can get a lot muddier, but I figured I'd start with a simple case. =) Aaron Silver aleph1 () securityfocus com wrote:* Sebastian (scut () nb in-berlin de) [010724 09:38]:I do not know who let this posting through, but I think something went seriously wrong here. What do the mailing list administrators do here, letting aconfidentialsource code with full copyright and confidentiality header intactthrough apublic mailing list. The Bugtraq mailing list was especially noted as example even in the header, which should not be allowed to disclosethis.Although a lot of Bugtraq readers might not agree with me here, Ithinkthere is a right under which I can deny the disclosure of this sourcecode.Call it privacy, call it copyright, I do not care about its name.Sebastian is correct. It was an error to approve the message given he clearly stated in the comments he did not wish it distributed. For that I apologize. That being said, it been quite obvious that for a while now that this exploit is being shared in the underground and has been used actively to break into systems. Better control of exploits one does not wish to see distributed may be called for.Oh, and another odd thing, there is no X-Approved-By: this time in the post, I wonder why. Do you know ?The X-Approved-By header was inserted by LISTSERV. We been using ezmlm, which does not insert the header, for a while now.ciao, -scut-- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- telnetd exploit code cami (Jul 24)
- Re: telnetd exploit code Sebastian (Jul 24)
- Re: telnetd exploit code aleph1 (Jul 24)
- Re: telnetd exploit code Aaron Silver (Jul 24)
- Re[2]: telnetd exploit code dullien (Jul 24)
- Re: telnetd exploit code aleph1 (Jul 24)
- Re: telnetd exploit code Sebastian (Jul 24)
- Re: telnetd exploit code Josh Brandt (Jul 24)
- Re: telnetd exploit code (Tru64) Josh Brandt (Jul 25)
- <Possible follow-ups>
- RE: telnetd exploit code aleph1 (Jul 25)
- RE: telnetd exploit code Dylan Reeve (Jul 26)
- Re: telnetd exploit code Geoff Joy (Jul 26)
- RE: telnetd exploit code Kelly Martin (Jul 26)