[ale] [aluigi at altervista.org: Gamespy uses DMCA to destroy bug research and full disclosure]
Robert L. Harris
Robert.L.Harris at rdlg.net
Wed Nov 12 11:04:42 EST 2003
Scary...
----- Forwarded message from Luigi Auriemma <aluigi at altervista.org> -----
From: Luigi Auriemma <aluigi at altervista.org>
To: eff at eff.org, bugtraq at securityfocus.com, list at dshield.org,
dmca-activists at gnu.org, dmca_discuss at lists.microshaft.org
Subject: Gamespy uses DMCA to destroy bug research and full disclosure
Date: Wed, 12 Nov 2003 16:29:18 +0000
Just today (12 Nov 2003) opening my mailbox I have found a mail of about 1
megabyte and half and fortunally for the sender I don't use filters.
The mail has been sent by the Gamespy's lawyers asking me to remove my bug
research stuff from my site.
The stuff is composed by my proof-of-concepts and advisories written to test
and explain the bugs in the Gamespy's products found and signaled to them a
lot of months ago and completely ignored by Gamespy.
All my advisories were released to the most known and pubblic security
mailing-lists in the past so everyone can see all the release dates of them
and how Gamespy manages the bugs in its products... the best example is just
a remote buffer-overflow found and signaled to Gamespy at the end of May
2003 and still existent in the actual version of the program RogerWilco.
The other incredible thing is that the lawyers have included in the list of
"stuff to remove" also a simple program that is not a proof-of-concept or an
advisory and moreover is not directly related to Gamespy... really comic...
Continuing to read the mail (a pdf file) can be found a lot of senseless
affirmations, some reported below:
- "you have committed numerous violations of state and federal law by
illegally accessing Gamespy servers and by creating, marketing, and
distributing software which circumvents the encryption mechanism that
protects access to Gamespy's servers"... are we talking about security
bugs??? what I market???
- they say my proof-of-concepts "purport to permit to circumvent the
encryption protection of Gamespy's proprietary software, including GameSpy
3D and Roger Wilco, to obtain access to computer servers owned and operated
by GameSpy, or in some cases to cause those servers to crash"... I'm very
interested about what of my proof-of-concepts "circumemvent the encryption
protection of Gamespy". The bugs I have found are in the Gamespy's products
NOT in the Gamespy's servers.
- but the most comic affirmation is "In contrast to simply advising GameSpy
of these vulnerabilities, by publishing this software to the world at large
you are clearly facilitating the intentional crashing of GameSpy's server by
others"... I have tried to contact Gamespy EVERYTIME I have found a new bug
for MULTIPLE times but they have EVER ignored my signalations or, as
happened for the first bug in RogerWilco, they have simply "feigned" to
patch the bugs so insulting me and my research (who has read my
wilco-remix-adv.txt knows all the shameful story).
So the "common time delay" to release advisories (a week or sometimes a
month from the signalation of the bug without receiving replies) was FULLY
respected in all the occasions.
The last part of the mail/pdf talks about various DMCA's violations, US's
laws and moreover "crime"!
Bug research is a crime and bug researchers are criminals, didn't you know
that?
Is really shameful to see a company spending money for useless lawyers
instead to quickly patch their incredibly bugged products and moreover to
support who do bug research... what Gamespy wants is to destroy the full
disclosure and the free information encouraging the underground scene.
I think is not good for the Gamespy's users to know that the main goal of
Gamespy is just to protect itself instead to protect its users and clients.
That's the situation...
BYEZ
---
Luigi Auriemma
http://aluigi.altervista.org
----- End forwarded message -----
:wq!
---------------------------------------------------------------------------
Robert L. Harris | GPG Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
Life is not a destination, it's a journey.
Microsoft produces 15 car pileups on the highway.
Don't stop traffic to stand and gawk at the tragedy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
More information about the Ale
mailing list