Bugtraq mailing list archives

Re: telnetd exploit code


From: Aaron Silver <asilver () epoch net>
Date: Tue, 24 Jul 2001 17:22:06 -0400

There's a question begging to be asked here...

First of all let me say that I don't know Sebastian or his motivations, so I am not inferring anything here, simply that 
this brought up a point that is now itching my head a lot.

If a hacker copyrights his code, and then releases it into the wild, what does that do for his rights under the 
copyright?

To turn it upside down, I have a machine that has had some hacker code placed on it. I didn't authorize it to be placed 
on there... Am I to be denied investigating this code (and sharing it with others to help me investigate) because 
someone placed a copyright notice on the code?

Normally the rights of the individual to swing his arms end at the tip of another individual's nose.

This issue can get a lot muddier, but I figured I'd start with a simple case. =)

Aaron Silver

aleph1 () securityfocus com wrote:

* Sebastian (scut () nb in-berlin de) [010724 09:38]:
I do not know who let this posting through, but I think something went
seriously wrong here.

What do the mailing list administrators do here, letting a confidential
source code with full copyright and confidentiality header intact through a
public mailing list? The Bugtraq mailing list was especially noted as
example even in the header, which should not be allowed to disclose this.

Although a lot of Bugtraq readers might not agree with me here, I think
there is a right under which I can deny the disclosure of this source code.
Call it privacy, call it copyright, I do not care about its name.

Sebastian is correct. It was an error to approve the message given he
clearly stated in the comments he did not wish it distributed. For
that I apologize.

That being said, it has been quite obvious for a while now that this
exploit is being shared in the underground and has been used actively
to break into systems. Better control of exploits one does not wish
to see distributed may be called for.

Oh, and another odd thing, there is no X-Approved-By: this time in the
post, I wonder why. Do you know?

The X-Approved-By header was inserted by LISTSERV. We have been using ezmlm,
which does not insert the header, for a while now.

ciao,
-scut

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

