Full Disclosure mailing list archives

Re: Re: Cisco's stolen code

From: Mister Coffee <live4java () stormcenter net>
Date: Wed, 26 May 2004 14:39:17 -0700

On Wed, May 26, 2004 at 03:46:45PM -0500, Ron DuFresne wrote:


      [BIGGER SNIPPAGE]

I'm trying to understand how obtaining and using stolen code, for any
reason, is different then acquiring stolen property in any other context.
If you know the property was obtained illegally, that would make you an
acessory after the fact, would it not?

I suppose that's ultimately something for the lawyers to decide. But imagine it this way - in keeping with the
hypothetical situation we're using in the example: Someone copies an article out of a magazine. They then leave the
photocopies out on a table at the local coffee house that's known for having magazines and books and such out for
people to read.

How have you broken the law if you pick up the copies and read them? You know they are copies, but you don't know
whether they were made with permission, etc. You're not making copies yourself: just reading the ones you find.

My example used a publically accessible website, rather than a download. The website and the coffeehouse serve the
same purpose in the example.

There are actually two points here that are getting confused. The first is whether or not it's legal to get/view/etc.,
the code - and under what conditions. The second is whether it's ethical to publish an advisory based on a review of
that code.

While I strongly feel that simply viewing the code is not a violation of copyright, I readily acknowledge that the
legality is a complex issue. Several people have been talking about the definition of copying, who's responsible, etc.
That's not really the point I'm concerned about. My peronal interest is in whether it's ethical or morally correct to
reveal your findings if you do choose to read the code.

I don't want to delve into the "Legality of copy" issue. My sole purpose, and the reason I tried to use an example
where the acquisition wasn't an issue, was the ethics of auditing.

Cheers,
L4J


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
      ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Cisco's stolen code, (continued)
- - - Re: Cisco's stolen code x30n (May 25)
  - RE: Re: Cisco's stolen code Aditya, ALD [Aditya Lalit Deshmukh] (May 25)
    - Re: Re: Cisco's stolen code Adam Szilveszter (May 26)
  - Re: Re: Cisco's stolen code Tobias Weisserth (May 26)
- Re: Re: Cisco's stolen code tcleary2 (May 25)
  - Re: Re: Cisco's stolen code James Edwards (May 25)
    - Re: Re: Cisco's stolen code Mister Coffee (May 26)
    - Re: Re: Cisco's stolen code Tobias Weisserth (May 26)
    - Re: Re: Cisco's stolen code Mister Coffee (May 26)
    - Re: Re: Cisco's stolen code Ron DuFresne (May 26)
    - Re: Re: Cisco's stolen code Mister Coffee (May 26)
    - Re: Re: Cisco's stolen code Ron DuFresne (May 26)
    - Re: Re: Cisco's stolen code Mister Coffee (May 26)
    - Re: Re: Cisco's stolen code Ron DuFresne (May 26)
    - Re: Re: Cisco's stolen code Benjamin Krueger (May 26)
    - Re: Re: Cisco's stolen code Valdis . Kletnieks (May 27)
    - Re: Re: Cisco's stolen code Paolo Mattiangeli (May 26)
    - Re: Re: Cisco's stolen code Jason Weisberger (May 26)
    - Re: Cisco's stolen code Rodrigo Gutierrez (May 26)
    - Re: Re: Cisco's stolen code Mister Coffee (May 26)
- Re: Re: Cisco's stolen code Marek Isalski (May 26)

(Thread continues...)