Re: Cisco's stolen code

[Azerail <Azerail () supersecretninjaskills com>]

On Tue, 25 May 2004, Tobias Weisserth wrote:

> Hi Brian,
>
> On Tue, 2004-05-25 at 17:28, Brian Toovey wrote:
> ..
> For me, breaking laws is NOT acceptable under ANY circumstance. I hope
> the majority of people on this list is with me on this.

I'm coming into this thread late, my apologies, but I had to address
the above.  It may very soon be illegal to even *talk* about things
like this.  Attitudes like your's are what fosters computer insecurity
and social passivity in general.  Breaking laws IS acceptable in MANY
circumstances.  DeCSS, the DCMA and other examples serve to illustrate
this.  In other words, you can stick your tail between your legs if
you want, I won't. 

> You can't improve security by breaking laws.

Wanna bet?

> This renders this list and everybody posting here untrustworthy.

As if that wasn't already the case.

> If you want to audit code then stick to the code that is released under
> licenses that allow public code auditing. Don't even think to look at
> code that hasn't be released under an open license. Maybe this will
> motivate more vendors to license their products under an Open Source
> license.

Actually, this is incredible naive.  The only thing that will be
promoted is the penalties attached to the licenses that the vendors
will release their code under.  You have to understand, vetting code
for security flaws takes time and resources.  If most companies can
get away with not doing so, they will.

Azerail

-- 
It is easy when we are in prosperity to give advice to the afflicted.
                -- Aeschylus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html