- Posts: 350
- Thank you received: 0
Cisco IOS Exploit Fiasco
18 years 8 months ago #9414
by nske
Replied by nske on topic Re: Cisco IOS Exploit Fiasco
Well, if he already had the code, then there was nothing to reverse engineer. It could be that he just went for a piece of fame, abusing access to information that was provided to him for his research purposes directly through Cisco and ISS. But I don't like to make speculations on the case since I really don't know the facts.
However and outside of that case, someone that discovered something on his own through detailed auditing and experimentation (it does sound less harsh and nasty than the term "reverse-engineering", right? Still it is the most common method for it!), seems to me that he has any right to make his findings public. This is his fundamental liberty. If he is nice enough to inform the author first and wait for the patch, then he is cool by any means. Even otherwise, nobody can take away from him the right to do anything he wants with the results of his research (well, appart from use them for unlawful activities of course). So I am more concerned, as I said before, about how easily a large corporation can manipulate the legal system to have things done her way. If it was just the Michael Lynn case then ok, but there are many cases involving many companies all the time. And perhaps on the field of security things are just annoying but have less severe direct consequences in practice. Through patern and intelectual property laws though, manipulating the legal system can severely hinder technological progress, competition and ultimately, our freedom of choise.
This is one of the reasons that I prefer to deal with opensource software, because things are crystal clear: nobody has any reason or way to place obstacles on the other's way, instead his work unavoidably benefits the rest. Nothing goes under the carpet. So in the end everything's moving towards the same direction. Sounds ideal huh?
//end of preaching
However and outside of that case, someone that discovered something on his own through detailed auditing and experimentation (it does sound less harsh and nasty than the term "reverse-engineering", right? Still it is the most common method for it!), seems to me that he has any right to make his findings public. This is his fundamental liberty. If he is nice enough to inform the author first and wait for the patch, then he is cool by any means. Even otherwise, nobody can take away from him the right to do anything he wants with the results of his research (well, appart from use them for unlawful activities of course). So I am more concerned, as I said before, about how easily a large corporation can manipulate the legal system to have things done her way. If it was just the Michael Lynn case then ok, but there are many cases involving many companies all the time. And perhaps on the field of security things are just annoying but have less severe direct consequences in practice. Through patern and intelectual property laws though, manipulating the legal system can severely hinder technological progress, competition and ultimately, our freedom of choise.
This is one of the reasons that I prefer to deal with opensource software, because things are crystal clear: nobody has any reason or way to place obstacles on the other's way, instead his work unavoidably benefits the rest. Nothing goes under the carpet. So in the end everything's moving towards the same direction. Sounds ideal huh?
//end of preaching
Time to create page: 0.138 seconds