RE: Reverse Engineering: Legal or illegal?

["Craig Wright" <cwright () bdosyd com au>]

It all depends on where you are, what you are reversing and how good the
other sides lawyers are.

In the US the DMCA covers a large amount of issues with reversing
software. This is valid software mind you. As for the initial part of
the post, a virus writer has no recourse. The act of writing a virus is
in itself illegal and you can not initiate an action to protect an
illegal act.

So there is no downside to reversing a virus. Though it is technically
still illegal, it is not criminal and there is no civil recourse against
you.

Regards
Craig



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of evb
Sent: Wednesday, 1 November 2006 7:10 AM
To: security-basics () securityfocus com
Subject: RE: Reverse Engineering: Legal or illegal?

IAAL, and consider the following site a good place to start to think
about
the problem:

http://www.chillingeffects.org/reverse/faq.cgi


Eric

:-----Original Message-----
:From: listbounce () securityfocus com
:[mailto:listbounce () securityfocus com] On Behalf Of Ziemniak,
:Terrence M.
:Sent: Tuesday, October 31, 2006 8:53 AM
:To: shyaam () gmail com
:Cc: security-basics () securityfocus com
:Subject: RE: Reverse Engineering: Legal or illegal?
:
:Shyaam,
:
:I am certainly not a lawyer, but I think the only issues in RE
:would be copyright protection.  I can't imagine a virus author
:fighting you on that.
:
:PS - When you have a legal license to use software there is
:law on the books about when RE is allowed.  This link (section
:F) is the relevant
:law: http://www.copyright.gov/title17/92chap12.html#1201
:
:
:Terry Ziemniak, CISSP
:Information Security Operations, Team Lead Sears Holdings
:Corporation v. 847-286-4679 e. TZiemn2 at Searshc.com
:-----Original Message-----
:From: listbounce () securityfocus com
:[mailto:listbounce () securityfocus com]
:On Behalf Of Alice Bryson <abryson () bytefocus com>
:Sent: Tuesday, October 31, 2006 8:56 AM
:To: shyaam () gmail com
:Cc: security-basics () securityfocus com
:Subject: Re: Reverse Engineering: Legal or illegal?
:
:I'm a virus analysis of a security company, as far as i know,
:RE is common in security company, otherwise how we analysis
:virus and get signature? ask the virus writters for source
:code? just kidding~
:
:--
:mailto:abryson () bytefocus com
:
:28 Oct 2006 00:03:15 -0000, shyaam () gmail com <shyaam () gmail com>:
:> I wanted to start a website that LINKS to all RE websites around the
:world. This website wowuld be hosted within US but will just
:LINK to all other RE Websites.
:>
:> Second question is, would it be fine if this website stores just
:tutorials related to RE and not the original softwares that help on RE.
:>
:> RE has been common for a very long time within US for the AV/IDS and
:IPS companies for deriving the signatures from the
:exploits(according to my knowledge, which is limited). So I
:wanted to gather some knowledge from the Security Focus groups
:if I am right and the legal points of such things.
:>
:> PS: I am sorry if I emailed the wrong group.
:> I hope that this email doesnt start an irrational argument in this
:group, please do give your rude comments if any to my personal
:email, so that the sanity of groups is protected.
:>
:> Kind Regards,
:> Shyaam
:>


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------