Full Disclosure mailing list archives
Re: Symantec wants to criminalize security info sharing
From: Azerail <Azerail () supersecretninjaskills com>
Date: Thu, 11 Sep 2003 11:15:21 -0700
On Thu, 11 Sep 2003, Jonathan Rickman wrote:
-----BEGIN PGP SIGNED MESSAGE----- On Thursday 11 September 2003 09:47, Richard M. Smith wrote:For example, if Symantec were to get this law passed, are they prepared to see their employees who work on the Bugtraq email list go to jail?Of course not. They'll just shut it down. They don't want to see vulnerabilities discussed openly because that keeps them from being able to charge for advisories. The fact that these services still exist is due to their fear of community backlash, not corporate goodwill. Don't kid yourself, there are plenty of others out there just like them who would like nothing more than to make the so called "security community" an exclusive club open only to corporate types who see things their way. Many of them are among us. Fortunately, in most cases the good they do outweighs the ill will that they harbor. Eventually the thirst for more revenue will push them over the edge, and I for one, believe that the first one to step over that line will suffer such a backlash that the others contemplating following them will go back to their corners and sulk. If I had to bet on who the first will be, I would probably put my money on Symantec. I don't have anything against them particularly, but I think they are very close to the edge, as this quote indicates.
What's interesting about that is a certain perception in the security community of "us vs. them". Mostly the corporate types who are merely well-trained (if that), and no real knowledge of the working of what was once the "computer underground". I wonder if the law were to come to pass, how many of the computer security professionals would resort to the tactics of their enemy in order to gain the knowledge neccesary to protect their machines and networks. Will the days of anonymous proxies and irc come again? Something better? I almost hope it does come to pass, as the community will just adapt. It's just an escalation of the game that was started long ago. Those of you who would seek to withhold and control would do well to remember that. It's interesting that Symantec would force people who would otherwise have been customers into criminals. All in all, I agree, Symantec will probably force Bugtraq to either censor or charge for security updates, and it very well could have been the goal of them aquiring Butraq in the first place. Security information (and information in general) should remain in control of the people, not the corps. Just my ramble. Azerail -- Being conquered lies within the enemy. Being unconquerable lies within oneself _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Symantec wants to criminalize security info sharing Richard M. Smith (Sep 11)
- Re: Symantec wants to criminalize security info sharing Jonathan Rickman (Sep 11)
- Re: Symantec wants to criminalize security info sharing Azerail (Sep 11)
- Re: Symantec wants to criminalize security info sharing Adam Shostack (Sep 11)
- Re: Symantec wants to criminalize security info sharing Gregory A. Gilliss (Sep 11)
- Re: Symantec wants to criminalize security info sharing Blue Boar (Sep 11)
- Re: Symantec wants to criminalize security info sharing Darren Reed (Sep 12)
- <Possible follow-ups>
- RE: Symantec wants to criminalize security info sharing Jason Coombs (Sep 11)
- Re: RE: Symantec wants to criminalize security info sharing l8km7gr02 (Sep 11)
- RE: RE: Symantec wants to criminalize security info sharing Jason Coombs (Sep 11)
- Re: RE: Symantec wants to criminalize security info sharing l8km7gr02 (Sep 11)
- RE: Symantec wants to criminalize security info sharing Thor Larholm (Sep 11)
- Re: Symantec wants to criminalize security info sharing Jonathan Rickman (Sep 11)