
Re: [Full-Disclosure] IDS (ISS) and reverse engineering



On Wednesday, 26 Nov 2003 at 20:15, V.O. <vosipov@tpg.com.au> wrote:
> Recently I've got to listen to a marketing pitch by an ISS guy. He was going
> along the lines of "our X-force reverse-engineered Microsoft RPC libraries
> and created signatures..." and "we use protocol decoding, so we
> reverse-engineered various closed-source protocols in order to create our
> decoders".
> 
> What struck me - isn't this kind of activity actually illegal in the US? To
> which extent it is possible to disassemble Windows code? And if it is
> illegal, then aren't their customers (plus many other IDSes, with the
> exclusion of Snort, probably) in danger - what if Microsoft or whoever else
> sues ISS for doing this? :)
> 
> I'm puzzled.

Apparently it is legal in both the US and Australia. This link
discusses the Sony/Connectix case in the US, where Connectix made
numerous unauthorised copies of the BIOS during reverse engineering
(and got done for *that*), and the Australian case. ISS is fine
under both US and Aus fair use laws.

http://www.ipcr.gov.au/SUBMIS/docs2/Sub01.pdf

...
Under s 47D of the amended Act, a person may reverse engineer copies of
a program owned by someone else, but only if they intend to make a
product that interoperates with that program (this restriction does not
apply under the more flexible "fair use" defence under US law). In other
words, the right would not be available to Connectix in Australia
because the VGS does not interoperate with the PlayStation console code.
It is a substitute for it.
...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html