[82723] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (James Baldwin)
Thu Jul 28 13:38:45 2005
In-Reply-To: <14180096829173@mail.emanon.com>
Cc: nanog@merit.edu
From: James Baldwin <jbaldwin@antinode.net>
Date: Thu, 28 Jul 2005 13:36:01 -0400
To: swm@emanon.com
Errors-To: owner-nanog@merit.edu
On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
> While I do think it's obnoxious to try to
> censor someone, on the other hand if they have proprietary internal
> information somehow that they aren't supposed to have to begin
> with, I don't
> think it is in security's best interested to commit a crime in
> order to get
> tighter security.
>
Lynn developed this information based on publicly available IOS
images. There were no illegal acts committed in gaining this
information nor was any proprietary information provided for its
development. Reverse engineering, specifically for security testing
has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/
DVD/1201.html).
That being said, what information is he not supposed to have? All the
information he had is available to anyone with a disassembler, an IOS
image, and an understanding of PPC assembly.
If anything, the only "crime" he may or may not have committed is
violation of an NDA with ISS, which should a contractual, civil issue
not a criminal one.
