Subject: Re: IDS: RE: implications of recent legal trends
From: Dug Song (dugsong monkey.org)
Date: Wed Apr 19 2000 - 09:44:54 CDT
- Next message: Stuart Staniford-Chen: "IDS: Re: implications of recent legal trends"
- Previous message: Shafik Yaghmour: "Re: IDS: implications of recent legal trends"
- In reply to: Mila, Brian D: "IDS: RE: implications of recent legal trends"
- Next in thread: Stuart Staniford-Chen: "IDS: Re: implications of recent legal trends"
- Reply: Dug Song: "Re: IDS: RE: implications of recent legal trends"
On Tue, 18 Apr 2000, Mila, Brian D wrote:
> Cyber Patrol was copyrighted with express limitations against
> decompilation and reverse-engineering, which is what was used to
> expose the secret list of blocked sites from the Cyber Patrol program.
> However, this doesn't apply to fragrouter, whisker, etc., that only
> supply input which the program wasn't designed to handle.
many companies have 'vow of silence' clauses in their licenses as well,
preventing publication of any review of their product without prior
written permission. we ran into this problem with most of the big IDS
vendors, who did not grant us such permission when we sought to publish
our initial nidsbench results (even with a half year of grace).
such licensing schemes force researchers to either kludge around with
datasets provided by third parties (as we did for the Citrix ICA crack),
publish demonstration code for actual testing by the public (as we did for
the recent FTP PASV/PORT firewall penetration technique), or publish poor
research with inconclusive results (as we did with nidsbench).
without access to systems for testing, and permission to publish the
results of those tests, security research treads a fine line, or is forced
underground. it's bad enough already, and ill-conceived legislation like
UCITA only promises to make things worse.
-d.
--- http://www.monkey.org/~dugsong/