1993-06-08 - Re: CERT: the letter from CERT to berkeley.edu admin

Header Data

From: smb@research.att.com
To: Eric Hughes <hughes@soda.berkeley.edu>
Message Hash: f73146bd6e48802ae189f19d73e3b97c40a05eacf1a0090c09d343b518479edd
Message ID: <9306081814.AA22615@toad.com>
Reply To: N/A
UTC Datetime: 1993-06-08 18:14:44 UTC
Raw Date: Tue, 8 Jun 93 11:14:44 PDT

Raw message

From: smb@research.att.com
Date: Tue, 8 Jun 93 11:14:44 PDT
To: Eric Hughes <hughes@soda.berkeley.edu>
Subject: Re: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306081814.AA22615@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 Here, in its almost full glory, is the letter that CERT sent to the
	 admin at berkeley.  I've removed the addressee, since there's no need
	 to involve that person.  I have not, however, removed the name of the
	 sender.

	 Don't you just love that phrase "illegal trading of commercial
	 software"?

Based on what you sent out, I confess that I see nothing wrong with
CERT's note.  They're right -- anonymous ftp is abused that way.  I've
seen it happen on a fair number of sites -- folks upload packages for
others to snarf.  The pattern of some of the transactions I've seen
suggests that folks are chatting anonymously via IRC or some such, and
are using third-party machines as anonymous relay points.  Other
transaction patterns suggest the creation of sub rosa archives by folks
who have no legitimate right to use the machine.  Files distributed
that way (and I'm speaking here of what I've seen personally, not just
rumors from CERT or the net) include copyrighted PC software packages.

Now -- there's a lot of room for disagreement about whether or not it's
proper to charge for software, or whether or not algorithm patents are
or should be valid.  But I suspect that most people on the list would
agree that if someone has written something that they don't want
distributed that way -- as evidenced, for example, by a copyright
notice -- their wishes should be respected.  That's common courtesy, if
nothing else.  Similarly, if you want to distribute files, use your own
machine.  Don't abuse someone else's, when you know perfectly well that
that's not a proper use of anonymous ftp.

Again -- neither CERT nor I am talking about things like RSA software.
That's a can of worms I'm not going to open in this forum.  And they're
probably not even talking about files that legitimate users are making
available.  They're talking about abuse of other folks' machines,
almost always with neither the knowledge nor the consent of the system
owner.  And the outcome is predictable; I've seen a number of cases
where anonymous ftp has been shut down, to the detriment of the entire
community.


		--Steve Bellovin





Thread