Full Disclosure mailing list archives

IDS (ISS) and reverse engineering

From: "V.O." <vosipov () tpg com au>
Date: Wed, 26 Nov 2003 20:15:42 +1100

Recently I've got to listen to a marketing pitch by an ISS guy. He was going
along the lines of "our X-force reverse-engineered Microsoft RPC libraries
and created signatures..." and "we use protocol decoding, so we
reverse-engineered various closed-source protocols in order to create out
decoders".

What struck me - isn't this kind of activity actually illegal in the US? To
which extent it is possible to disassemble Windows code? And if it is
illegal, then aren't their customers (plus many other IDSes, with the
exclusion of Snort, probably) in danger - what if Microsoft or whoever else
sues ISS for doing this? :)

I'm puzzled.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IDS (ISS) and reverse engineering V.O. (Nov 26)
- Nokia IPSO Frederic Charpentier (Nov 26)
  - Re: Nokia IPSO Sandro Littke (Nov 26)
    - Re: Nokia IPSO William Brady (Nov 26)
    - Re: Nokia IPSO Keith W. McCammon (Nov 26)
    - Re: Nokia IPSO Sandro Littke (Nov 26)
    - RE: Nokia IPSO jussi jaakonaho (Nov 26)
    - Re: Nokia IPSO Gareth Bromley (Nov 26)
    - Re: Nokia IPSO Stephen Perciballi (Nov 26)
- Re: IDS (ISS) and reverse engineering Lan Guy (Nov 26)
- Re: IDS (ISS) and reverse engineering Valdis . Kletnieks (Nov 27)

(Thread continues...)