[IP] Politch subscriber receives takedown lawyergram over Cisco briefing [fs]
Begin forwarded message:
From: Declan McCullagh <declan@xxxxxxxx>
Date: August 1, 2005 7:43:10 PM EDT
To: politech@xxxxxxxxxxxxxxx
Subject: [Politech] Politch subscriber receives takedown lawyergram over Cisco briefing [fs]
Cisco and Internet Security Systems (ISS) have filed a lawsuit
against Michael Lynn and the Black Hat security conference. The two
companies claim that information disclosed in a talk about a Cisco
vulnerability is proprietary:
http://news.com.com/2100-1002_3-5807551.html
Now they appear (see below) to be sending nastygrams to conference
attendees who posted information about Lynn's presentation to their
own web sites. Right now they're attacking a mirror of the PDF, but
why not a summary of the information in the PDF? Or a news article
with technical information about the vulnerability? This slope is
quite slippery.
-Declan
-------- Original Message --------
Subject: ISS serves takedown notice for Cisco briefing
Date: Fri, 29 Jul 2005 22:59:45 -0400
From: Richard Forno <rforno@xxxxxxxxxxxxxxx>
To: Infowarrior List <infowarrior@xxxxxxxxxxxxxx>
CC: Dave Farber <dave@xxxxxxxxxx>, Bruce Schneier
<schneier@xxxxxxxxxxxxxxx>, Declan McCullagh <declan@xxxxxxxx>
This evening, I received a cease-and-desist (e.g., takedown) notice from
attorneys representing Internet Security Systems (ISS). Having received
and reviewed their letter, I have removed the file containing Michael
Lynn's controversial Blackhat presentation. A copy of the notice can be
found at:
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf

Looking back at this week's events, my sense is that had the two
companies involved (Cisco and ISS) said nothing about this briefing,
it's quite likely that few if any people or news outlets would've given
it more than a passing thought like so many other vulnerabilities being
reported this week in Vegas -- after which, it likely would have gotten
caught up in the "noise" of regular security community chatter. But as a
result of their heavy-handed tactics this week, both Cisco and ISS have
ended up publicizing a serious vulnerability quite significantly and
thusly re-ignited the discussion over how the Internet security
community handles vulnerability disclosure and product updates. By
serving takedown notices in response to such situations, a company
demonstrates clearly that it is more concerned with preserving its
commercial interest in intellectual property than fostering community
awareness and knowledge pertaining to critical internet security issues.

Improvements to internet security will NOT become a reality as the
result of questionable secrecy or from commercial lawsuits that serve to
mask the more substantial and fundamental problems within the
information security industry and Internet community at large. Security
through obscurity doesn't work, and neither does security through
lawyering. These practices make the Internet more, not less, vulnerable.

I will close with a note of appreciation to my web hosting provider for
their understanding and assistance in resolving this situation promptly
and satisfactorily for all concerned tonight. As for me, it's now time
to enjoy the weekend.
-Rick
Infowarrior.org
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
Archives at: http://www.interesting-people.org/archives/interesting-people/