On Jul 28, 2005, at 10:14 AM, Scott Morris wrote:
While I do think it's obnoxious to try to
censor someone, on the other hand if they have proprietary internal
information somehow that they aren't supposed to have to begin
with, I don't
think it is in security's best interested to commit a crime in
order to get
tighter security.
Lynn developed this information based on publicly available IOS
images. There were no illegal acts committed in gaining this
information nor was any proprietary information provided for its
development. Reverse engineering, specifically for security testing
has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/
DVD/1201.html).
That being said, what information is he not supposed to have? All the
information he had is available to anyone with a disassembler, an IOS
image, and an understanding of PPC assembly.
If anything, the only "crime" he may or may not have committed is
violation of an NDA with ISS, which should a contractual, civil issue
not a criminal one.
