Full Disclosure mailing list archives

Re: InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 18 Feb 2004 15:39:56 -0800

Cael Abal wrote:

| There are clear, admitted cases of reverse engineering by vulnerability
| researchers, which are prohibited by EULA, and which MS has so far
| declined to pursue.  Why should this be different?  MS afraid the EULA
| restrictions wouldn't hold up?

Unless the individual who downloaded the leaked source clicked an 'I
agree not to do anything naughty with this source' button, EULAs have
nothing to do with this particular issue.

The "EULA" reference is in regards to reverse engineering, as shown in the bit of text you have quoted. No one is trying to claim that there is a EULA on the stolen source. I have to wonder if you are being intentionally obtuse in trying to make it look like that is what is being discussed.

The point, in case you really did miss it, is that Microsoft already has a basis for going after the vulnerability researchers if they choose to. All the exploit writers I know have a habit of disassembling MS binaries that explicitly forbid that in the EULA. Therefore, I doubt that they will go after vuln researchers who use the source code instead/in addition to reverse engineering.

The original poster made a decent case that perhaps MS has a stronger legal stance with regard to the source, so maybe I'm wrong.

                                                BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

