On Wednesday, July 25, 2001 9:08 PM, Greg A. Woods [SMTP:woodsat_private] wrote: > [ On Wednesday, July 25, 2001 at 20:27:51 (-0400), Eric D. Williams wrote: ] > > Subject: RE: hacker copyrights was [RE: telnetd exploit code] > > > > With all do respect it is clear the case especially the Godwin ref. are not > > directly material to the issue / topic here but rather the application of > > the principles herein as you discussed. > > Well I see the Godwin article as primarily discussing whether or not > crackers can get in trouble by publishing some document that they find > through their (illegal) efforts, and as such only marginally applicable > to the quite opposite question posed here. > I agree. > > I am not clear on what your allusion to self-propagating worm is here, > > I believe this thread started where a question was asked whether > > a cracker would be protected from scrutiny by copyright. > > The question that opened this thread, IIRC, was asking whether or not > someone publishing an analysis of a worm or virus would be violating the > copyright of worm/virus author. The original question also asked if the > worm/virus code could be shared. > I concur, and an additional question was posed as a hypothetical: On Tuesday, July 24, 2001 5:22 PM, Aaron Silver [SMTP:asilverat_private] wrote: "...I have a machine that has had some hacker code placed on it. I didn't authorize it to be placed on there... Am I to be denied investigating this code (and sharing it with others to help me investigate) because someone placed a copyright notice on the code." I broadened the hypothetical by inferring that the 'hacker code' was placed or 'created' on said machine and it was discovered subsequent to the intrusion with a copyright notice in source as in the message from this list. The anti-scrutiny argument was bolstered by the argument of one poster saying: On Tuesday, July 24, 2001 11:38 AM, Sebastian [SMTP:scutat_private-berlin.de] wrote: "...letting a confidential source code with full copyright and confidentiality header intact through a public mailing list. The Bugtraq mailing list was especially noted as example even in the header, which should not be allowed to disclose this." and, from the offending post (parts deleted or changed to protect the innocent): On Tuesday, July 24, 2001 1:59 AM, cami [SMTP:camisat_private] wrote: 8<snip----- * * The contents of these coded instructions, statements and computer * programs may not be disclosed to third parties, copied or duplicated in * any form, in whole or in part, without the prior written permission of * h4x0r Security. This includes especially the Bugtraq mailing list, the * www.h4ck.co.ls website and any public exploit archive. * * (C) COPYRIGHT h4x0r Security, 2001 * All Rights Reserved * ***************************************************************************** I guess I goofed by not explaining fully my re-stating of the question. For the sake of clarity it is: If found on a system as residual data/file or deposited data/file on a system due to an intrusion, would this copyright affect the ability to re-distribute this source code for analysis. I think we concur that it would not limit a sysadmin in any way, in part do to the nature of its reception. Although it *may* technically be construed as infringement, that case probably would not stand the examination of a favorable judge if couched as an exercise of forensic examination. > Under normal circumstances, in at least many modern "Western" legal > jurisdictions, copyright is implict and does not have to be registered > to be valid. This means that a virus/worm author has implicitly > reserved all of their rights under copyright law even if they don't > include any kind of copyright licensing notice. So the original > question was indeed partly on-track w.r.t. whether or not the worm/virus > code could be shared. While strictly speaking it's probably not legal > to make more copies of the worm/virus code to share with other analysts, > that doesn't mean you can't "show" your copy to them. However as I've > argued it would seem that due to the nature of worm/virus self- > propagation the author must implictly relinquish his or her right to > control redistribution, at least free redistribution, since nobody can > prove one way or another how some second analyst might have obtained a > copy of the code when all initial distribution is anonymous (and free). > > -- > Greg A. Woods > > +1 416 218-0098 VE3TCP <gwoodsat_private> <woodsat_private> > Planix, Inc. <woodsat_private>; Secrets of the Weird <woodsat_private> Me thinks we have parity... Ciao, Eric Williams, Pres. Information Brokers, Inc. Phone: +1 202.889.4395 http://www.infobro.com/ Fax: +1 202.889.4396 mailto:ericat_private For More Info: infoat_private PGP Public Key http://new.infobro.com/KeyServ/EricDWilliams.asc Finger Print: 1055 8AED 9783 2378 73EF 7B19 0544 A590 FF65 B789
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:48:44 PDT