Re: telnetd exploit code

From: Aaron Silver (asilverat_private)
Date: Tue Jul 24 2001 - 14:22:06 PDT

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.7] OpenUnix, UnixWare: su buffer overflow"

Previous message: Kris Kennaway: "Re: multiple vendor telnet daemon vulnerability"
Next in thread: dullienat_private: "Re[2]: telnetd exploit code"
Reply: dullienat_private: "Re[2]: telnetd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There's a question begging to be asked here...

First of all let me say that I don't know Sebastian or his motivations, so I am not infering anything here, simply that this brought up a point that is now itching my head a lot.

If a hacker copyright's his code, and then releases it into the wild, what does that do for his rights under the copyright?

To turn it upside down, I have a machine that has had some hacker code placed on it. I didn't authorize it to be placed on there... Am I to be denied investigating this code (and sharing it with others to help me investigate) because someone placed a copyright notice on the code.

Normally the rights of the individual to swing his arms ends at the tip of another individual's nose.

This issue can get a lot muddier, but I figured I'd start with a simple case. =)

Aaron Silver

aleph1at_private wrote:

> * Sebastian (scutat_private-berlin.de) [010724 09:38]:
> > I do not know who let this posting through, but I think something went
> > seriously wrong here.
> >
> > What do the mailing list administrators do here, letting a confidential
> > source code with full copyright and confidentiality header intact through a
> > public mailing list. The Bugtraq mailing list was especially noted as
> > example even in the header, which should not be allowed to disclose this.
> >
> > Although a lot of Bugtraq readers might not agree with me here, I think
> > there is a right under which I can deny the disclosure of this source code.
> > Call it privacy, call it copyright, I do not care about its name.
>
> Sebastian is correct. It was an error to approve the message given he
> clearly stated in the comments he did not wish it distributed. For
> that I apologize.
>
> That being said, it been quite obvious that for a while now that this
> exploit is being shared in the underground and has been used actively
> to break into systems. Better control of exploits one does not wish
> to see distributed may be called for.
>
> > Oh, and another odd thing, there is no X-Approved-By: this time in the
> > post, I wonder why. Do you know ?
>
> The X-Approved-By header was inserted by LISTSERV. We been using ezmlm,
> which does not insert the header, for a while now.
>
> > ciao,
> > -scut
>
> --
> Elias Levy
> SecurityFocus.com
> http://www.securityfocus.com/
> Si vis pacem, para bellum

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.7] OpenUnix, UnixWare: su buffer overflow"
Previous message: Kris Kennaway: "Re: multiple vendor telnet daemon vulnerability"
Next in thread: dullienat_private: "Re[2]: telnetd exploit code"
Reply: dullienat_private: "Re[2]: telnetd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 15:00:34 PDT