Cisco IOS Exploit Cover Up
James Baldwin
jbaldwin at antinode.net
Thu Jul 28 17:36:01 UTC 2005
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
> While I do think it's obnoxious to try to
> censor someone, on the other hand if they have proprietary internal
> information somehow that they aren't supposed to have to begin
> with, I don't
> think it is in security's best interested to commit a crime in
> order to get
> tighter security.
>
Lynn developed this information based on publicly available IOS
images. There were no illegal acts committed in gaining this
information nor was any proprietary information provided for its
development. Reverse engineering, specifically for security testing
has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/
DVD/1201.html).
That being said, what information is he not supposed to have? All the
information he had is available to anyone with a disassembler, an IOS
image, and an understanding of PPC assembly.
If anything, the only "crime" he may or may not have committed is
violation of an NDA with ISS, which should a contractual, civil issue
not a criminal one.
More information about the NANOG
mailing list