Re: IDS (ISS) and reverse engineering

[rsh () idirect com]

So lets take it one step further... A Mafioso uses a program to encrypt his
files and has a totally secret key [or two] and someone then 'cracks' the
software to be able to recover the files for the purposes of prosecuting the
Mafia member.

Is that illegal as it was done to crack the software or that was legal
because it was done from a legal security perspective?

One or the other applies.

Is it based on the law as written, or on the law as it will be interpreted
in the courts.  Is it intent or is it fact that determines whether one is
doing it illegally or legally?  Is it what is being cracked and for what
purpose or is it that something is being cracked, whatever the purpose.

Time will tell, but for now a pox on the law... since I am NOT in the US or
in Australia.

Incidently, we can also get into a discussion on what happens when the
copyright laws are different in two nations, as they often are for the
LENGTH of the copyright, and someone in a nation where the copyright has
expired cracks it and supplies it to someone in the nation where the
copyright has NOT expired yet.  That can happen with books, and other items
while it has yet to happen with any software recently written.

RSH
Toronto

[I am not cracking software either, but that's not the point...]
--------------------------
On Wed, 26 Nov 2003 14:02:14 -0800, "Drew Copley" <dcopley () eeye com> wrote:

> It is illegal if performed in order to crack the software, or as they
> say, "to circumvent copyright protection". It is not illegal if it is
> from a security perspective. The law is poorly worded and will probably
> be hammered out in the courts, but this kind of situation would be very
> unlikely to be taken by court as it is pretty explicit for security
> research. 
>
> (Now, for an independent researcher doing this without pay, maybe a
> company that feels its' holes should be hidden from the world might make
> the incredibly stupid move of trying to sue the researcher... As has
> happened, and as has been far more stinging to them then if they had
> just dealt with the researcher honestly and professionally.)
>
> > -----Original Message-----
> > From: V.O. [mailto:vosipov () tpg com au] 
> > Sent: Wednesday, November 26, 2003 12:54 PM
> > To: focus-ids () securityfocus com
> > Subject: Fw: IDS (ISS) and reverse engineering
> >
> >
> > (re-submitted by the moderator's request - he asked not to cross-post)
> >
> > Recently I've got to listen to a marketing pitch by an ISS 
> > guy. He was going along the lines of "our X-force 
> > reverse-engineered Microsoft RPC libraries and created 
> > signatures..." and "we use protocol decoding, so we 
> > reverse-engineered various closed-source protocols in order 
> > to create out decoders".
> >
> > What struck me - isn't this kind of activity actually illegal 
> > in the US? To which extent it is possible to disassemble 
> > Windows code? And if it is illegal, then aren't their 
> > customers (plus many other IDSes, with the exclusion of 
> > Snort, probably) in danger - what if Microsoft or whoever 
> > else sues ISS for doing this? :)
> >
> > I'm puzzled.
> >
> >
> > --------------------------------------------------------------
> > -------------
> > --------------------------------------------------------------
> > -------------
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------

=====================================================
R.S.H.                            Toronto, ON, Canada

                 Copyright retained.
             My opinions - no one elses...
 If this is illegal where you are, do not read it!

---------------------------------------------------------------------------
---------------------------------------------------------------------------