Intrusion Detection Systems: implications of recent legal trends

From: Stuart Staniford-Chen <stuart_at_SiliconDefense.com>
Date: Tue, 18 Apr 2000 10:57:42 -0700

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo_at_uow.edu.au

There's a news story at

http://www.securityfocus.com/news/

under "Copyright War Declared"

which really set me thinking about the implications of the recent legal
trends in the US for our field. (It would be interesting to hear about
the legal situation in other countries too). Here's a quote from the
story (fair use, honest!)

> Meanwhile, the ACLU is representing three people who mirrored
> cphack, a utility that allows users to bypass the Cyber Patrol
> web filtering program and to view its secret list of blocked
> sites. That case ended in a settlement when cphack's authors
> agreed to transfer ownership of the program to plaintiff Mattel,
> owner of Cyber Patrol. A federal judge in Boston issued a
> permanent injunction in the case barring anyone "in concert"
> with the program's authors from mirroring the program, and the
> ACLU announced Wednesday it was appealing that decision to the
> 1st Circuit Court of Appeals.

I don't know any more about the case than that. It was settled so it
isn't legal precedent. But presumably the ACLU wouldn't have given in
unless they thought the case looked pretty bad for their clients.

Now this worries me hugely. I can't see much difference between
cphack, and say Dug Song's fragrouter, or RFP's whisker.pl (with its
IDS defeating modes), or even Fyodor's nmap (with its various attempts
to be stealthy). Are we going to see IDS vendors taking people to court
for distributing tools that seek to bypass IDS detection?

That would be an absolute disaster for the field. We need people to be
able to create and distribute these kinds of tools so that IDS builders
are forced to do their job properly. And trying to suppress them
legally will not prevent them from being distributed in the underground
community. All it will do is prevent law-abiding security experts from
having access to them.

Thoughts?

Stuart.

-- 
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuart_at_silicondefense.com
(707) 822-4588                     (707) 826-7571 (FAX)
Received on Apr 18 2000