Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: Cisco IOS Shellcode Presentation

Re: Cisco IOS Shellcode Presentation

From: bkfsec <bkfsec_at_sdf.lonestar.org>
Date: Tue, 02 Aug 2005 10:44:30 -0400

Michael Holstein wrote:

>
> You bet! .. as it pertains to anything past their demarc at their
> properties, they're entirely free to log and review every packet that
> comes/goes.
>
> That means they can legally review your IM chats, go back and read
> your email from a month ago, whatever ...
>
> The legal precedent for this is essentially "He who onws the network,
> owns the data" (with respect to an employee/employeer relationship).
> It's a bit different for commercial ISPs.
>

(Disclaimer: I'm not a lawyer....)

Actually, it's even a bit more complicated than that. Technically, you
could copyright every e-mail sent to this list. As long as you state
that it is copyright to your legal name, it is, in fact, copyrighted.
Of course, in the case that you send that e-mail to a public mailing
list that you know is archived, it can clearly be argued that your work
was intended to be distributed with license implied for all. However,
that doesn't remove ownership and limited monopoly.

It's not just that they're commercial ISPs versus private networks...
what also matters is who's writing the material and what function
they're serving when they write that material. If you're working at XYZ
Corp and you send out an e-mail, depending on your business arangement
that e-mail is probably copyrighted to XYZ Corp by default since you're
acting as an agent of XYZ Corp.

What makes it possible for us to examine any data which comes in contact
with our networks is, essentially, fair use. If someone transmits a
copy of MS Windows XP across my network, do I own the packets that make
it up? Of course not... if that were true it would be possible to
circumvent every copyright out there. However, since that data was
transmitted across my network, it's fair use for me to analyze it as it
resides on my property. This is particularly true if transmission was
not instigated by the one doing the monitoring.

Sure, the company may own the databases that any packet captures may be
on... but the content in those packet captures may still carry copyright
requirements with it, depending on what it is and how constructable the
data is. Non-solicited transfer may be considered providing a limited
license...

What happens in the event that mass numbers of copyrighted data
including packets get misrouted? I have no idea. :)

In either case, boiler plate restriction statements on e-mail sent to
mailing lists is silly because it is almost definately unenforcable.

                -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Aug 02 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]