Full Disclosure mailing list archives
Re: how to sell and get a fair price
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 15 Jan 2013 06:28:53 -0500
On Tue, Jan 15, 2013 at 2:48 AM, <gremlin () gremlin ru> wrote:
> On 14-Jan-2013 15:39:53 -0500, Valdis.Kletnieks () vt edu wrote:
>
> > > After all, a vulnerability and an exploit are intellectual
> > > products. Not sure copyright could be claimed, but why not?
>
> > Actually, claimed or not, if the exploit was coded in a Berne
> > signatory country, it's almost always automatically copyrighted
> > at creation (most likely to the coder, or to their employer if
> > it was a work-for-hire).
>
> [...]
>
> > More interesting is the question of how to enforce a copyright
> > claim while remaining anonymous...
>
> Is it really necessary to stay anonymous? Writing hmmm... articles
> about vulnerabilities for some (very specific) media and getting
> a hmmm... fee for that is mostly legal. Opposed to the use of that
> information...
I think it's a slippery slope in the US. On one hand, you have, for example, Computer Fraud and Abuse Act (FCAA), Digital Millennium Copyright Act (DMCA), and Unlawful Intercept. US corporations are rarely prosecuted under the law (confer, Trustwave [1], Nokia [2]); but individuals are regularly prosecuted (confer, Weev (et al) [3], Wise Guys [4], Dmitry Sklyarov [5]).

I'm amazed at how federal law is 'opt-in' for US corporations, but individuals such as Weev/Goatse and Sklyarov must endure politically motivated judicial heavy-handedness. In Goatse's case, they aggregated public data (names and email addresses) from a public server offering public services hanging off a public internet. In Sklyarov's case, he demonstrated flaws in Adobe's PDF DRM scheme.

Note that for Sklyarov, the DMCA (PUBLIC LAW 105–304) has exceptions for reverse engineering and security testing and evaluation. The RE exemption is in Section 1205 (f) REVERSE ENGINEERING. The ST&E exemption is in Section 1205 (i) SECURITY TESTING.

If I had copyright over material used for security testing and evaluations, I would probably assert my copyright. If I wrote malware, I would likely want to stay anonymous (confer, David L. Smith and Melissa macro-virus [6]).

Jeff

[1] http://www.computerworld.com/s/article/9224082/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment
[2] http://www.zdnet.com/nokia-hijacks-mobile-browser-traffic-decrypts-https-data-7000009655/
[3] http://en.wikipedia.org/wiki/Weev
[4] https://www.eff.org/deeplinks/2010/07/cfaa-prosecution-wiseguys-not-so-smart
[5] http://en.wikipedia.org/wiki/Dmitry_Sklyarov
[6] http://en.wikipedia.org/wiki/Melissa_(computer_virus)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/