Full Disclosure mailing list archives

Re: Symantec wants to criminalize security info sharing


From: Azerail <Azerail () supersecretninjaskills com>
Date: Thu, 11 Sep 2003 11:15:21 -0700

On Thu, 11 Sep 2003, Jonathan Rickman wrote:

-----BEGIN PGP SIGNED MESSAGE-----

On Thursday 11 September 2003 09:47, Richard M. Smith wrote:

For example, if Symantec were to get this law passed, are they prepared
to see their employees who work on the Bugtraq email list go to jail?

Of course not. They'll just shut it down. They don't want to see 
vulnerabilities discussed openly because that keeps them from being able 
to charge for advisories. The fact that these services still exist is due 
to their fear of community backlash, not corporate goodwill. Don't kid 
yourself, there are plenty of others out there just like them who would 
like nothing more than to make the so called "security community" an 
exclusive club open only to corporate types who see things their way. 
Many of them are among us. Fortunately, in most cases the good they do 
outweighs the ill will that they harbor. Eventually the thirst for more 
revenue will push them over the edge, and I for one, believe that the 
first one to step over that line will suffer such a backlash that the 
others contemplating following them will go back to their corners and 
sulk. If I had to bet on who the first will be, I would probably put my 
money on Symantec. I don't have anything against them particularly, but I 
think they are very close to the edge, as this quote indicates.


What's interesting about that is a certain perception in the security
community of "us vs. them".  Mostly the corporate types who are merely
well-trained (if that), and have no real knowledge of the working of what
was once the "computer underground".  I wonder if the law were to come
to pass, how many of the computer security professionals would resort
to the tactics of their enemy in order to gain the knowledge necessary
to protect their machines and networks.

Will the days of anonymous proxies and IRC come again? Something
better?  I almost hope it does come to pass, as the community will
just adapt.  It's just an escalation of the game that was started long
ago.

Those of you who would seek to withhold and control would do well to
remember that.

It's interesting that Symantec would force people who would otherwise 
have been customers into criminals.

All in all, I agree, Symantec will probably force Bugtraq to either
censor or charge for security updates, and it very well could have
been the goal of them acquiring Bugtraq in the first place.  Security
information (and information in general) should remain in control of
the people, not the corps.

Just my ramble.

Azerail

-- 
Being conquered lies within the enemy. Being unconquerable lies within oneself

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

