Create an Account
username: password:
 
  MemeStreams Logo

Mike Lynn is a Whistleblower, he should be protected

search

skullaria
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

skullaria's topics
Arts
  Fine Arts
  Fiction
  Non-Fiction
  Movies
   Documentary
  Photography
Business
  Tech Industry
  Telecom Industry
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Repair and Improvement
  Parenting
  Pets
Miscellaneous
  Humor
Current Events
  War on Terrorism
  Elections
  Israeli/Palestinian
  North Ireland
Recreation
  Astrology
  Martial Arts
Local Information
  Georgia
   Atlanta
    Atlanta Events
Science
  Astronomy
  Biology
  Environment
  Geology
  Medicine
  Space
Society
  Activism
  Crime
  Education
  Futurism
  International Relations
  History
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
  Relationships
  Religion
  Security
Sports
Technology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   Human Computer Interaction
   Knowledge Management
   Computer Networking
   Linux
   Microsoft Windows
   Perl Programming
   PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Mike Lynn is a Whistleblower, he should be protected
Topic: Computer Security 10:57 pm EDT, Jul 29, 2005

The EFF should support Mike Lynn in his defense against ISS and Cisco. If security researchers are not protected as Whistleblowers when they uncover major flaws, our critical communication infrastructure will be at serious risk. These are the Good Guys.

Mike has taken on enormous personal risk to do the right thing. So far, the general impression in the blogs is that he is doing the right thing. The mainstream media coverage has been good as well. This is a departure from the past, and a good one at that. The headlines contain words like "Whistleblower" and "Coverup"..

It is quite ironic that Cisco & ISS are taking the "Intellectual Property" tactic. Just to add some irony to it, here is a a post of Mike Lynn here on MemeStreams proving CherryOS stole OSS code from the PearPC project:

just incase anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least with hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...its not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good) so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so its easiest to just attach after its loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

I think I have made it clear beyond a shadow of a doubt that CherryOS.exe, shipped as the core of cherryos is nothing but a recompiled version of PearPC...it has at most minor changes, most to strip attribution, hide the theft, or remove debugging output...

The only way we can fault Mike's research is with petty things like not consistently using upper case letters in his posts. The technical end of his work is flawless.

Both Cisco and ISS are attempting to spin Mike's research and make it look incomplete, but the truth of the matter is he demo'ed his technique in front of a room of people, and no one has found fault with it.

If this tactic continues, it will approach a very transparent form of character assassination. It will backfire on Cisco.

In the field of Security Research, Whistleblowing has always been a controversial issue. It is not a black and white thing. This article at CNET covers a number of the issues with disclosure of security problems that often come up. If you compare the ideas expressed in the article with what Mike actually did, you should come away thinking that Mike handled this ethically.

Mike Lynn is a Whistleblower, he should be protected



 
 
Powered By Industrial Memetics
RSS2.0