Research

Zango decision offers legal safeguards to the security community

June 30th, 2009 by Nick Chapman

One of the provisions of the Communications Decency Act (Section 230 of the US Code) established a safe harbor for ISPs so that they couldn’t be held liable for the speech of their users. If you take umbrage at something someone said on the Internet, your remedy is to sue the speaker, not their ISP or telephone company.

That safe harbor is pretty well known; however, there is another provision in title 230 that hasn’t received quite as much attention. Subsection (c)(2) provides protection for “Good Samaritan” blocking of offensive material. This states that service providers are not liable for voluntarily blocking access to offensive or otherwise objectionable material.

Kaspersky’s anti-malware product displays warnings and blocks the operation of Zango’s software, which is classified as adware. Zango wasn’t very fond of this practice and thus sued Kaspersky for tortious interference in Zango’s business. Kaspersky was able to obtain a summary judgment in trial court because of the 230 safe harbor. Zango appealed to the US Court of Appeals for the Ninth Circuit. That court recently handed down a judgment for Kaspersky.

One of the arguments Zango raised in the appeal was that Kaspersky was selling a product, not offering an interactive online service. The court found that Kaspersky’s products count as an interactive computer service based on the fact that they disseminate updates via the Internet. This definition of interactive computer service should be broad enough to cover a good chunk of the security industry.

I am not a lawyer, this post does not constitute legal advice, nor would I be competent to offer such advice. The following is just the speculation of a security geek that thinks that our legal system should be accessible to anyone willing to do the requisite research. That said, for those organizations that would not be covered, I wonder if including a feature that allows users to update content via the Internet would be enough to extend the liability protection to that organization.

Another interesting side effect of including security services under the liability shield is that it could be used to try to shield an individual security researcher from liability. The exact wording of the statute states that no provider or user of an interactive service shall be held liable for:

“any action taken to enable or make available to information content providers
or others the technical means to restrict access to [objectionable content]”

If a researcher were to publish security research online that would allow others to develop countermeasures, that sure sounds a whole lot like it would be included in that definition to me. In theory, this could be used to shield researchers who publish vulnerability information. While this law may offer protection to those who disclose information in a number of different ways, SecureWorks supports and follows guidelines for responsible disclosure.

If this legal tactic were to be accepted in a court of law, there could be two unintended restrictions on when this defense could be employed, which some might consider to lead to undesirable outcomes.

First, as the law only protects users or providers of interactive services, this liability shield may not work for someone presenting information in person or in dead tree format. Second, if the requirement is to give information which would allow others to be able to restrict access, it might require enough information to write a signature to block the attack. So this could lead to a situation where revealing information online, full disclosure style, could have more legal protections than giving a talk at Blackhat, for example. But then again, perhaps videotaping the talk and putting it online would be enough for conferences to be counted as an interactive service. It would be nice to have another tool to defend against legal threats that have unfortunately prevented some security talks.

Other SecureWorks Blog Categories:
  • General (25)
  • Links (7)
  • Phishing (3)
  • Research (77)
  • Spam (1)
  • Trojans (5)

  • SHA-1 Collision Attacks Now 2^52

    June 3rd, 2009 by Dennis Dwyer

    Eurocrypt 2009 was recently held from April 26-30 in Cologne, Germany. Sponsored by the International Association for Cryptologic Research (IACR), the website states that “It is devoted to all aspects of cryptology.” This year’s Eurocrypt rump session was held on April 28, which featured a talk entitled “Automatic Differential Path Searching for SHA-1”.

  • On The New Cybersecurity Bill

    May 20th, 2009 by Joe Stewart

    On April 1, 2009, while the rest of the cybersecurity world was largely focused on the Conficker worm, Senators John (Jay) Rockefeller and Olympia Snowe introduced the Cybersecurity Act of 2009. Since the hype over Conficker has died down now, I’ve had a chance to review the text of this somewhat controversial bill and add my two cents to the discussion.

  • Following the Trojan Trail

    May 12th, 2009 by Kevin Stevens

    In this post I will go over the latest botnet making the headlines. The “Finjan botnet” appears to be large and strikes fear into many. As an average computer user, should you be afraid of the botnet, or should you be scared of being compromised by a Trojan? How bad can one piece of malware be?

  • Speaking at RSA

    April 17th, 2009 by Joe Stewart

    The 2009 RSA conference kicks off next week in San Francisco. It looks like a busy week for me - I’ll be presenting first on Tuesday, April 21st at the SecureWorks booth on the showfloor at 1:00 PM PDT. This will be a “Conficker Q&A” session. I’ll be answering questions with the knowledge I’ve gained from reverse-engineering Conficker and also from my participation in the Conficker Working Group.

  • Conficker.C Worm Activity Detected

    April 14th, 2009 by Dennis Dwyer

    Previously, the April 1st “activation date” of the Conficker.C worm was hyped as a doomsday. As Joe Stewart explains in the previous post, an update to the worm used a new algorithm to generate 50,000 domain names which could potentially be used as update or command and control servers.

  • Conficker April Fools Hype

    March 27th, 2009 by Joe Stewart

    Don’t panic. If you’re reading this, you’re probably not infected with Conficker.C. If you were already infected, you wouldn’t be able to access any page on secureworks.com, due to the worm author’s apparent dislike for the removal instructions we posted for earlier Conficker variants.

  • Clever Hack, or Carders-at-Work?

    March 12th, 2009 by Joe Stewart

    Earlier this week, reports began to circulate in the media about Chinese hackers selling $200 USD iTunes gift cards online for 17.90 RMB (about $2.60 USD). It was explained that these hackers were able to achieve the remarkable feat of cracking Apple’s algorithm for generating the gift voucher codes, and were thus able to generate as many cards as they liked, all of which would be redeemable in the iTunes store.

  • Analysis of CVE-2009-0658 (Adobe Reader 0day)

    March 10th, 2009 by Bow Sineath

    Bow here again. It has been a while since we posted a binary analysis on our blog, so I figured we would post one for a vuln that has been getting a lot of hoopla the past few weeks :)

  • Tornado Malware Kit

    March 5th, 2009 by Dennis Dwyer

    In this post, we will be taking a look at the Tornado Malware kit. Tornado is a Russian web-attack kit used by hackers to compromise as many machines as possible. “Out of the box,” it comes with 14 exploits, although users have space to add more, thanks to a modular design (handy!).
