Posts tagged `legal`
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
Publisher: Little, Brown and Company
Year: 2011
Pages: 432

Social Engineering was my hobby horse as an undergraduate IT major; I say this as though I’m an old veteran of the IT industry, but I’m not—I’m a fresh-faced, startup-mentality programmer. One of the reasons I always focused on social engineering in my various papers and projects, however, is I was exposed early to the idea of Kevin Mitnick. This isn’t to say I was particularly familiar with his exploits, or even well-versed in the technology of his area, but the notion that you could con your way into systems without necessarily programming or “hacking” was easy enough to understand.


§7311 · October 14, 2011 · (No comments)

rev. 15 April 2009

The laws that protect the creation of content are manifold and complicated—even byzantine. America has copyright protection, which applies to concrete expressions of information, trademark protection, which protects distinctive symbols or verbiage associated with a legal entity, and patent protection, which protects “(1) processes, (2) machines, (3) manufactures or (4) compositions of matter” and is perhaps the least understood of all the various kinds of intellectual property protection (Guntersdorfer, 2003).

The explosion of the Internet in the late 20th and early 21st centuries has thrown into stark relief both the legal problems associated with protecting content in a digital age as well as the ethical issues inherent in the existing process for acquiring official intellectual property protection and the rights afforded involved parties in a redress of grievances. Copyright law specifically has come into public consciousness primarily due to the popularity of filesharing: for all intents and purposes, the advent of modern filesharing was the 1999 arrival of Napster, a program which allowed anyone to exchange digital copies of music online, for free. Legal problems eventually forced Napster to shut down (Ante, Brull, Herman, & France, 2000), but its legacy leaves not only alternative modes of filesharing, but a whole host of new web-based content creation engines that toe the lines of fair use.


§3801 · April 21, 2009 · (No comments)

The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman
Publisher: Little, Brown and Company
Year: 1997
Pages: 416

As someone who spends a lot of time reading computer and security news, I’m no stranger to Kevin Mitnick. I did an entire paper on social engineering, in fact, and you just know that I at least mentioned Mitnick. If that name has passed too far out of the cultural zeitgeist for you to know, you can do a bit of background reading before continuing this review. In short, Kevin Mitnick was a famous hacker in the mid-90s who was eventually caught by the FBI and served about five years in jail.

There is much myth about Kevin Mitnick, some of it still continuing today, although the public has by and large forgotten about him. There’s the old yarn about how, as a teenager, he hacked his way into NORAD, eventually inspiring the movie Wargames; this, needless to say, is spurious and false.

You may be familiar with another book about Mitnick’s capture; entitled Takedown, it was written by Tsutomu Shimomura and John Markoff. The former is a mysterious security researcher / hacker / spook who somehow assisted in Mitnick’s eventual capture; the latter is a journalist who claimed to know all about Mitnick—that is, in the form of junk articles for the New York Times that more often than not perpetuated Mitnick myths or regurgitated exaggerated government nonsense about the extent of his crimes.

Reading the previous paragraph, you may get the impression that I don’t think very highly of Markoff, and it’s true that from what I know of his Mitnick writings, he seems something of a hack. The Fugitive Game is a book written by another journalist involved in the Mitnick case, one Jonathan Littman, ostensibly to (1) set right some common misconceptions about Mitnick, (2) ask some damning questions about the role of Shimomura and Markoff in Mitnick’s capture, and the dubious legality of their involvement at all; finally, (3) Littman brings to light a new view of Mitnick, based on extensive phone interviews when Mitnick was in hiding. For reasons of which I dare not speculate, Mitnick formed a strange bond with Littman, and was at times surprisingly candid with him. The Mitnick that Littman paints is a relatively harmless nerd, not motivated by profit, and though certainly prolific in the number of systems he penetrated, almost never guilty of the monetary damages that he’s accused of.

I was initially skeptical of The Fugitive Game; the first section, which sets context, introduces a number of hacker personalities, and basically paints the FBI as regulation-skirting doofuses, reads like a bad detective novel. The characters seem exaggerated, almost stereotyped. I narrowly avoided giving up on it, but decided to wait until the promised Mitnick/Littman phone interviews took place. The good news is that the story gets better; the bad news is that the book still fails to be particularly interesting, especially more than a decade after the fact.

Perhaps I’m just too millennial: reading a book about über-l33t h4ck3rz using “high-speed” 14.4 kbps modems makes me both giggle and cringe, knowing full well that the readers of 2018 will shake their heads in horror at the thought of a 6 Mbps ADSL connection. Most of the hacking here involves the phone companies: wiretapping, stolen cell phone serial numbers, ISP hacking, etc.

What’s most interesting about Mitnick is that, as Littman seems to stress, he’s not particularly concerned with coding. He’s not really a programmer; Mitnick was most famous for his social engineering: he plucked phone numbers and likely passwords out of corporate dumpsters. He gamed telephone operators into giving up information. He used available tools, like the Berkeley Packet Filter, to exploit unpatched vulnerabilities in the Unix systems of corporations and ISPs.

The Fugitive Game likely isn’t as dramatic as Takedown; Littman doesn’t seem particularly concerned with hyping Mitnick’s case. He spends a lot more time trying to flesh out Mitnick qua human being, and exposing the gross exaggerations related to his story. I can’t say that the much-anticipated phone interviews with Mitnick were anything to write home about, but I at least credit Littman for writing about Mitnick in a way that fellow computer enthusiasts can appreciate.

§2010 · March 17, 2008 · 1 comment

The flame-wars between GPL and BSD proponents flared up again this weekend. Marcus Glocker, an OpenBSD developer, used GPLed driver code for the “bcw” driver (Broadcom wireless) he was developing, and which he had committed to OpenBSD’s public CVS server.

First, it’s important to note that GPL and BSD are not necessarily compatible licenses. GPL requires that modifications to the source code be made available, and it also requires that any project which uses it must also be open source. BSD does not. Therefore, in theory, Broadcom—a very nasty vendor—could take said code from OpenBSD’s CVS server, under the auspices of a BSD license, and include it in their own closed source, proprietary driver for Windows. This is not something that Michael Buesch, one of the original reverse engineers and copyright holders of the bcm43xx code (the Linux kernel driver), wanted to see happen.

Here is an excerpt from Buesch’s original e-mail to Glocker, which he also CCed to a number of other parties.

I, Michael Buesch, am one of the maintainers of the GPL’d Linux wireless LAN driver for the Broadcom chip (bcm43xx). The Copyright holders of bcm43xx (which includes me) want to talk to you, OpenBSD bcw developers, about possible GPL license and therefore Copyright violations in your bcw driver.

We believe that you might have directly copied code out of bcm43xx (licensed under GPL v2), without our explicit permission, into bcw (licensed under BSD license). There are implementation details in bcm43xx that appear exactly the same in bcw. These implementation details clearly don’t come from the open specifications at bcm-specs.sipsolutions.net or bcm-v4.sipsolutions.net.

[…]

We’d like to have this issue resolved. In general we are not against having a free (and BSD licensed) driver in the BSD operating system. But you _have_ to cooperate with us if you’d like to take our code and relicense it under BSD license.

[…]

We’d like to offer you to start cooperating with us. We respect you and your Copyright. You should also do so on our work.

We would not be opposed to relicensing parts of our code under the BSD license on an explicit case-by-case basis. So if you ask “May I use this and that function” and if I own the Copyright on that particular function, I will approve or deny your request. Other Copyright holders of the bcm43xx code might act the same way.

We’re not out for blood, just for a fair resolution. We’d like you to start contacting us to resolve the issue now.

Have a nice day.

In immediate response, OpenBSD’s founder and #1 bulldog, Theo de Raadt, launched a verbal assault on Buesch for what he (de Raadt) viewed not only as a big to-do over a piffling issue, but a breach of personal conduct as well. De Raadt is a strange one to be moralizing about social niceties, however, considering that Theo—despite being a brilliant programmer—has all the social grace of a rabid animal. That was, in fact, part of the impetus behind his forming a separate BSD distribution. But that’s not the point.

The point is that to read the mailing lists, you’d think it was Buesch on trial here; in fact, no one is on trial. Here are the salient points.

Two Linux teams develop a Broadcom wireless driver under strict “Clean Room” standards. This driver includes features that aren’t present in the official Windows driver. This driver is then licensed under the GPL, meaning that further modifications and uses must be licensed under the GPL, as well.

Marcus Glocker very apparently copied code from this GPLed driver, which he uploaded to a public CVS server under the auspices of a BSD license. This driver was only in development, meaning that it hadn’t been distributed as part of any release, but insofar as it was on a public CVS server, it could have been copied at any time (including by Broadcom) and used, however illegitimately, under a BSD license. This is the crux of Buesch’s complaint. It doesn’t matter whether Glocker was only studying the code or not.

The issue has nothing to do with which is a better license. It also has nothing to do with the relative merits of Copyright. De Raadt and his camp immediately leaped upon Buesch for enforcing his self-described “Copyright,” which is almost a non-entity in the BSD world. In fact, asking that the GPL be respected is hardly an overbearing enforcement of Copyright. It’s downright liberal, in fact.

The BSD camp has ragged about GPL Nazis and such, blaming them for causing the complete removal of the driver from the BSD tree. I’ve heard some suggest that Glocker has now given up development of the driver. This is not Buesch’s fault: he asked that he and the other bcm43xx copyright holders be approached about relicensing, and that GPL-licensed code not sit in a public BSD tree; he never demanded that Glocker stop work on the driver. Glocker should not have uploaded GPL code to the public server: it should have stayed on his machine until he was done studying it, if in fact that’s what he was doing.

De Raadt has ragged Buesch extensively about making a “public spectacle” out of the issue, instead of simply contacting Glocker privately. That could have worked, yes, but open source is all about transparency, not just in code, but in development process as well. Buesch was not out of line in making this public, likely because he didn’t expect there to be such a furious overreaction to a relatively simple matter. Buesch was perfectly reasonable in his demands, and perfectly civil in his tone. Where does the problem lie? Theo “Fuck Tha GPL” de Raadt and some very touchy OpenBSD proponents.

§1814 · April 8, 2007 · 2 comments

I could go on for pages and pages of complaints against Big Media and its fascist take on intellectual property rights and fair use. But this is a bit more specific: I stumbled upon a very interesting blog post about BayTSP, a company that monitors BitTorrent download swarms that ostensibly contain data copyrighted by its clients. It then hands over a list of IP addresses to the client, who flexes its legal muscle to get a DMCA notice sent to the ISP associated with each IP address.

Here’s an excerpt from the blog post:

For my investigation, I wrote a very simple BitTorrent client. My client sent a request to the tracker, and generally acted like a normal Bittorrent client up to sharing files. The client refused to accept downloads of, or upload copyrighted content. It obeyed the law.

I placed this client on a number of torrent files that I suspected were monitored by BayTSP (For my own protection I don’t want to identify the torrents used for this research. I used the fact that NBC is a client of BayTSP to find trackers. If you want to check if BayTSP is monitoring a torrent, look for IPs coming from ranges in test.blocklist.org). Because the university’s information security office is very diligent about processing DMCA notices, I would be able to tell if the BayTSP folks sent notices based on this. With just this, completely legal, BitTorrent client, I was able to get notices from BayTSP.

Having gotten two completely baseless DMCA notices in the last few years, I’m even more angered now than I was before. Obviously, the **AA’s interpretation of the law is distinctly at odds with that of a sane person, and it misses the clue train once again: rather than leverage BitTorrent to its advantage, it seeks to ostracize BT users by reinforcing the all-too-common misconception that BitTorrent = illegal p2p.

I use Comcast, which, despite some of its less-than-stellar qualities, doesn’t seem to care very much about these rubber-stamped DMCA forms it gets from Dan Glickman’s corpulent, œdematous empire.

§1727 · February 9, 2007 · 3 comments