RE: [Full-disclosure] <Cisco Message> Mike Lynn's controversialCisco Security Presentation

From: Lyal Collins (lyal.collins_at_key2it.com.au)
Date: 07/30/05

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] Cisco IOS Shellcode Presentation"
    To: "'J.A. Terranson'" <measl@mfn.org>, "'Jason Coombs'" <jasonc@science.org>
    Date: Sat, 30 Jul 2005 12:04:39 +1000
    
    

    Ianal, but I think jurisdictions may have issues with receiving and
    using/profiting from stolen 'property', regardless of whether that property
    is an information/intangible asset or a tangible asset.

    In practical terms the information is 'published' as in available to a broad
    range of readers.
    Available != free to use without consequences in all possible circumstances.

    As to the rights and wrongs at the centre of this thread - let the
    discussions proceed!

    Lyal

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of J.A.
    Terranson
    Sent: Saturday, 30 July 2005 11:51 AM
    To: Jason Coombs
    Cc: Russell Smoak; full-disclosure@lists.grok.org.uk; nanog@merit.edu;
    fergdawg@netzero.net
    Subject: Re: [Full-disclosure] <Cisco Message> Mike Lynn's
    controversialCisco Security Presentation

    On Fri, 29 Jul 2005, Jason Coombs wrote:

    <cutting to the chase>

    > Now, if RC4 had never been used to create a product and had been kept
    > as a trade secret, and that secret had been published, then it would
    > not have become, automatically, an unencumbered algorithm that could
    > be used by anyone with impunity. There being no way other than theft
    > of trade secret for a third party to come to know the algorithm, had a
    > court order been obtained to halt the spread of the secret the
    > algorithm itself could very well have been kept as protectable
    > intellectual property until such time as the company that enjoyed a
    > commercial advantage through preservation of their RC4 trade secret
    > had concluded the public distribution of a product that somebody else
    > could have reverse engineered.

    The problem here is essentially one of mass distribution. There are now
    *millions* of copies of these "secrets" in general circulation. Nobody can
    assert with a straight face that anything about Lynn's presentation is not
    completely and totally within the public view - and irretrievably so.

    -- 
    Yours,
    J.A. Terranson
    sysadmin@mfn.org
    0xBD4A95BF
    "A stock broker is someone who handles your money until its all gone." Diana
    Hubbard (of Scientology fame)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] Cisco IOS Shellcode Presentation"

    Relevant Pages

    • Re: Evaluation of MegaSnakeOil by "expert"
      ... >> unknown to the public. ... Consequently nobody in the ... > it's not such a bad algorithm after all. ... to treat it as a trade secret? ...
      (sci.crypt)
    • Re: After Image registration?
      ... Like Rob says, if someone publishes something then they pretty much ... keep it a trade secret. ... you own your implementation of that algorithm. ... expired), SIFT - http://en.wikipedia.org/wiki/Scale-invariant_feature_transform), ...
      (comp.soft-sys.matlab)