[Moderator: This is from the opening page on the l0pht web page right now. The page links to more information so please visit those links as well. I don't think I have to go into it on the serious nature of these issues and how it will affect security companies.] (http://www.l0pht.com) New WIPO treaty threatens the legality of legitimate hacking 06.22.1998 The World Intellectual Property Organization treaty has already passed the US Senate and is close to passing in the House. The treaty would make it illegal, with extremely stiff penalties, to break security schemes without the permission of the company that makes the product. Programs like l0phtcrack would be made illegal. People could not publish vulnerabilities in products and encryption schemes. We would go back to the days of security vulnerabilities only circulating in the underground as lists like Bugtraq are made illegal. This is plain and simple security through obscurity. Intellectual property owners are using the legal system to protect their products instead of the tried and true method of open systems and public review. How will we know if anything is secure if all the "white papers" and reports on a system's security are paid for by the manufacturers only? Unbiased, "Consumer Reports-like" groups will be outlawed. L0pht is vehemently opposed to this proposed treaty. It has serious freedom of speech implications. It also gives companies a license to produce shoddy, inadequate systems without fear of exposure. Read more about this treaty: Treaty could stymie ethical security tests, PC Week Visit EFF and find out how you can fight this. Detailed info on the treaty with commentary. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:56 PDT