AOH :: PT-1064.HTM

Politch subscriber receives takedown lawyergram over Cisco briefing

Politch subscriber receives takedown lawyergram over Cisco briefing
Politch subscriber receives takedown lawyergram over Cisco briefing



Cisco and Internet Security Systems (ISS) have filed a lawsuit against 
Michael Lynn and the Black Hat security conference. The two companies 
claim that information disclosed in a talk about a Cisco vulnerability 
is proprietary:
http://news.com.com/2100-1002_3-5807551.html 

Now they appear (see below) to be sending nastygrams to conference 
attendees who posted information about Lynn's presentation to their own 
web sites. Right now they're attacking a mirror of the PDF, but why not 
a summary of the information in the PDF? Or a news article with 
technical information about the vulnerability? This slope is quite slippery.

-Declan


-------- Original Message --------
Subject: ISS serves takedown notice for Cisco briefing
Date: Fri, 29 Jul 2005 22:59:45 -0400
From: Richard Forno  
To: Infowarrior List  
CC: Dave Farber , Bruce Schneier 
, Declan McCullagh  


This evening, I received a cease-and-desist (e.g., takedown) notice from
attorneys representing Internet Security Systems (ISS).  Having received and
reviewed their letter, I have removed the file containing Michael Lynn's
controversial Blackhat presentation. A copy of the notice can be found at:
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf 

Looking back at this week's events, my sense is that had the two companies
involved (Cisco and ISS) said nothing about this briefing, it's quite likely
that few if any people or news outlets would've given it more than a passing
thought like so many other vulnerabilities being reported this week in Vegas
-- after which, it likely would have gotten caught up in the "noise" of
regular security community chatter.  But as a result of their heavy-handed
tactics this week, both Cisco and ISS have ended up publicizing a serious
vulnerability quite significantly and thusly re-ignited the discussion over
how the Internet security community handles vulnerability disclosure and
product updates. By serving takedown notices in response to such situations,
a company demonstrates clearly that it is more concerned with preserving its
commercial interest in intellectual property than fostering community
awareness and knowledge pertaining to critical internet security issues.

Improvements to internet security will NOT become a reality as the result of
questionable secrecy or from commercial lawsuits that serve to mask the
more substantial and fundamental problems within the information security
industry and Internet community at large.  Security through obscurity
doesn't work, and neither does security through lawyering. These practices
make the Internet more, not less, vulnerable.

I will close with a note of appreciation to my web hosting provider for
their understanding and assistance in resolving this situation promptly and
satisfactorily for all concerned tonight.  As for me, it's now time to enjoy
the weekend.

-Rick
Infowarrior.org


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/ 
Moderated by Declan McCullagh (http://www.mccullagh.org/) 


Make REAL money with your website!

The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.