IDS mailing list archives

RE: IDS (ISS) and reverse engineering


From: "Drew Copley" <dcopley () eeye com>
Date: Wed, 26 Nov 2003 14:02:14 -0800

It is illegal if performed in order to crack the software, or as they
say, "to circumvent copyright protection". It is not illegal if it is
from a security perspective. The law is poorly worded and will probably
be hammered out in the courts, but this kind of situation would be very
unlikely to be taken by a court as it is pretty explicit for security
research. 

(Now, for an independent researcher doing this without pay, maybe a
company that feels its holes should be hidden from the world might make
the incredibly stupid move of trying to sue the researcher... As has
happened, and as has been far more stinging to them than if they had
just dealt with the researcher honestly and professionally.)

-----Original Message-----
From: V.O. [mailto:vosipov () tpg com au] 
Sent: Wednesday, November 26, 2003 12:54 PM
To: focus-ids () securityfocus com
Subject: Fw: IDS (ISS) and reverse engineering


(re-submitted by the moderator's request - he asked not to cross-post)

Recently I got to listen to a marketing pitch by an ISS 
guy. He was going along the lines of "our X-force 
reverse-engineered Microsoft RPC libraries and created 
signatures..." and "we use protocol decoding, so we 
reverse-engineered various closed-source protocols in order 
to create our decoders".

What struck me - isn't this kind of activity actually illegal 
in the US? To what extent is it possible to disassemble 
Windows code? And if it is illegal, then aren't their 
customers (plus many other IDSes, with the exclusion of 
Snort, probably) in danger - what if Microsoft or whoever 
else sues ISS for doing this? :)

I'm puzzled.

