RE: implications of recent legal trends

[brian.d.mila () lmco com (Mila, Brian D)]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

On Tuesday, April 18, 2000 12:58 PM, Stuart Staniford-Chen
[SMTP:stuart () SiliconDefense com] wrote:
> There's a news story at 
>
> http://www.securityfocus.com/news/
>
> under "Copyright War Declared"
<snip> 
> I don't know any more about the case than that.  It was settled so it
> isn't legal precedent.  But presumably the ACLU wouldn't have given in
> unless they thought the case looked pretty bad for their clients.
>
> Now this worries me hugely.  I can't see much difference between
> cphrack, and say Dug Song's fragrouter, or RFP's whisker.pl (with its
> IDS defeating modes), or even Fyodor's nmap (with it's various attempts
> to be stealthy).  Are we going to see IDS vendors taking people to court
> for distributing tools that seek to bypass IDS detection?
<snip>

The article failed to mention that the reason for the lawsuit was because
Cyber Patrol was copyrighted
with express limitations against decompilation and reverse-engineering,
which is what was used to 
expose the secret list of blocked sites from the Cyber Patrol program.
However, this doesn't apply
to fragrouter, whisker, etc., that only supply input which the program
wasn't designed to handle.  
Subtle difference? Perhaps.  But one that the lawyers are quick to point
out.  The real meat of the
story (not mentioned in that article) was that the author of cphack had
GPL'ed it, so legally can 
Mattel claim the rights to it? I believe this is why the ACLU got involved
in the first place.  

Brian