Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Symantec Buys SecurityFocus, among others....

From: full-disclosure () lists netsys com (Eric Nelson)
Date: Thu, 18 Jul 2002 16:29:35 -0700
What about publishing and copyrighting the exploit?   It's more legal
ammo to go after whoever uses it for malicious purposes.

Of course this doesn't *stop* the use of the exploit (discourages
perhaps?), it just increases the penalties when one gets caught using
it.


-Eric


On Thu, 18 Jul 2002, Blue Boar wrote: 


Perhaps the best way to beat these cash hounds at their own game
is to start using a strictly not-for-profit licensing on all

released

advisories and proof-of-concept code which stipulates that

for-profit

companies may not use said information in any way.


Interesting concept.  How do you propose to copyright an idea?


        The idea cannot be copyrighted[1], but the code (which includes
the exploit methodology) can be copyrighted with all the cursory terms
and conditions for use.



You can decline to let someone mirror your exploit or advisory

verbatim,

but there's nothing you can do to keep someone from reporting about a
vulnerability. 


        Sure you can...especially under the auspices of the DMCA.  Hell,
when you get down to it, all we need is one wild-eyed lawyer[2] on our
side who'll toss a flurry of lawsuits and we'll pretty much have the
corporate security firms by the short-and-curlies.

        All kidding aside, I like the notion of encrypting the data and
putting stipulations on the decryption.  Seems rather like poetic
justice
to me.  Call it the Sklyarov cipher...

- -Jay

1.  Ideas, names and phrases can be trademarked, however.

2.  Maybe one with experience via the Church of Scientology, or the one
    who brought us McDonald's coffee cups that now read "Allow to cool
    before applying to genitals"...

  (    (
_______
  ))   ))   .--"There's always time for a good cup of coffee"--.

====<--.

C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    =
|-'
 `--' `--'  `-- I'll be diplomatic...when I run out of ammo. --'
`------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE9N0pAGI2IHblM+8ERAlAnAJ9AbZ/g4I5cPUL3KogHYDjQK5p4VgCeN1pY
Q9sVUOYHOhysxYYetRqAzCo=
=+6qq
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure
Previous By Date Next
Previous By Thread Next

Current thread: