According to Internet Traffice Report, overall global traffic is down the last three days. Not that it shows the whole picture. I'm sure that the shape of that traffic in the last few days has changed dramatically.
Of course, the best way to defeat this kind of trojan is simply to use a firewall and block the ports being used to remotly configure the hidden driver. So then, the worrying part is not the trojan itself, but the competancy of the average user...
Unless of course that trojan actually intercepts and modifies those system calls.
IARNAL (I am REALLY not a lawyer) and this starts to get into conflicting clauses. In my comments below, I will try to separate what it says from what I think it means. I will not, however, be typing in large portions of the relevant agreement. Go check out SCO's pdfs for that.
Here goes:
Exhibits A and B represent signed licensing agreements between AT&T and IBM from the mid-80's. Appendix C is a letter of understanding between IBM and AT&T from the same period that both changes some clauses and further elucidates the exact meanuing of exhibits A and B.
Exhibit D is the licensing agreement between SCO/Novell and IBM from 1996.
Exhibit E is the letter from 6 March 2003 from SCO to IBM indicating the specific violations of the agreements and invoking a 2 month notice to terminate IBM's license. THIS IS REALLY WHERE SOMEONE SHOULD START READING IF YOU WANT TO WORK THROUGH THIS.
Relevant material in Exhibit D:
Page 5, item number 6.
WHAT IT SAYS: This item is titled "Restriction on Fully Paid up License." (Exhibit D is an agreement whereby IBM makes a $10 million payment to SCO in exchange for being fully paid up on all royalties due under the original AT&T agreements. It doesn't give them carte blanche. It merely states that assuming the numbers of licenses, etc. . . agreed to in the mid-80s are adhered to then IBM has fulfilled all monetary obligations.) Anyway, item 6 states that for a 5 year period starting 1 Jan 1996 the grant of license only applies to AIX on the "Power, PowerPC and Power2 architectures." After that 5 year period the royalty relief applies to anything IBM releases. This paragraph also removes the provision I mention in the parent post that states "employees of LICENSEE shall not refer to the physical documents and materials comprising SOFTWARE PRODUCTS subject to this agreement when they are developing any such product or service or providing any such service"
WHAT I THINK IT MEANS: I'm not completely sure. This defitely would seem to preclude IBM from offering AIX on Intel. Or from offering another Unix operating system on another CPU architecture, assuming that Unix system was basically derived from AIX/AT&T Unix. However, the removal of the clause not allowing employees to refer to source code or documentation when using material to create "products or services employing ideas, concepts, [and] know-how" would seem to imply that IBM could use the IP contained in it for other products as long as it wasn't based on AT&T Unix. I'd say you can clearly argue that Linux isn't based on AT&T Unix. However, the question is whether any of the IBM contributed code based on that. This paragraph 9 *may* be read to preclude IBM from contributing that code to Linux--again assuming it is contributing code developed by AT&T. I am not a kernel hacker, but I find this unlikely.
Page 12 (section 3.04 and 3.06). This comes from the relevant "Reference Source Code" agreement between SCO and IBM. Section 3 relates to the confidentiality of the code and is thus the NDA.
WHAT IT SAYS: 3.04 reads in part "YOUR obligations under this section shall not apply to a particular portion of the REFERENCE SOFTWARE PRODUCT which . . . (v) is independently developed by you with the use of the REFERENCE SOFTWARE PRODUCT or SOFTWARE DERIVATIVE.
WHAT I THINK IT MEANS: This would seem to state that IBM can use concepts embodied in the software to create other software. It can even refer to the relevant SCO software in doing so. Again, we seem to have some conflicts between various clauses of agreements. I suppose this boils down to whether Linux code as contributed by IBM represents a Unix operating system on non PowerPC architectures.
WHAT IT SAYS: 3.06. Not going to give a full quote here, but it basically says that IBM employees that have viewed source code can use that general knowledge when working on other projects so long as the employee doesn't review SCO code while working on other projects and doesn't take notes or attempt to memorize code or concepts when he is working with SCO source code. However, this paragraph ends with this ominous phrase "However, nothing in this paragraph shall affect SCO's rights under patent or copyright laws."
WHAT I THINK IT MEANS: Here SCO has specifically written in a reservation of patent and copyright ownership. However, it only applies to this paragraph. The paragraph in question, 3.06, would seem to directly contradict and further restrict an employees ability to examine source code while working on other products.
In conclusion, I do not have any answers. There seem to be conflicting clauses relating to IBM's ability to use concepts derived from looking at SCO code. There also appears to be an explicit reservation of patent IP rights under this agreement. That seems to be the strongest leg that SCO has to stand on. Conversely, there are also multiple references to the ability of IBM to use concepts contained in the code in other products. I don't know what the answer is, but I hope my two brief summaries here can help enlighten the debate.
IANAL. However, I am trying to read through the exhibits SCO provided on its website. I have not looked at all of them, but I couldn't resist passing this on. Their exhibit C is a letter of understanding between AT&T and IBM which re-writes some of the clauses of the contract and license in an earlier exhibit.
I would point people to the 4th page of the pdf file, which addresses clause 7.06a of an earlier agreement. It reads in part:
"LICENSSE agrees that it shall hold SOFTWARE PRODUCT subject to this agreement in confidence for AT&T. . . . Nothing in this agreement shall prevent LICENSEE from developing or marketing products or services employing ideas, concepts, know-how of techniques relating to data processing embodied in SOFTWAR PRODUCTS subject to this agreement, provided that LICENSEE shall not copy any code from such SOFTWARE PRODUCTS into any such product or in connection with any such service and employees of LICENSEE shall not refer to the physical documents and materials comprising SOFTWARE PRODUCTS subject to this agreement when they are developing any such product or service or providing any such service. If information relating to a SOFTWARE PRODUCT subject to this agreement at any time becomes available without restriction to the general public by acts not attributable to LICENSEE or its employees, LICENSEES obligations under this section shall not apply to such information after such time."
Now, I've not glanced at exhibits D and E and have not read completely exhibits A,B and C. However, this clause, if not overridden in D or E, would seem to me (remember IANAL) to give IBM the right to use IP embedded in licensed code to produce other code or services. It would even seem to allow people who have worked with licensed code to work on the new project so long as they do not refer to licensed code or documentation while working on the new project.
So, even if IBM took SCO intellectual property and placed it into Linux, so long as they didn't copy SCO owned code or look at while working on the Linux code, it seems to me that it would have been perfectly legal under the contracts for IBM to co-opt SCO owned IP and place it under the GPL in Linux.
Actually, it isn't quite the same thing. What spamd does is to use up resources on open proxies by sending back a bunch of bounces. He identifies these by using SPEWS, or some other list of open proxies. The side effect of this is that you will be bouncing all messages from them. If you are unfortunate enough to have a business relationship with someone with an open proxy, then you have just stopped any ability to communicate via e-mail by running spamd.
However, if the idea suggested in the article are implemented, you will still be using up resources on the open proxy, but only for those messages that are actually spam. You can still receive e-mail from idiots running open proxies if you have the misfortune of needing to.
Use Open Source to Fight Code Red
on
Code Red III
·
· Score: 4, Interesting
Tom Liston came up with a cool idea for slowing Code Red and other TCP port scanners. He didn't have the bandwidth to host it, and I offered. So, this is a shameless plug, but if we can get enough of us doing this and get some press coverage, it's a great story that shows the power and speed with which open source solutions can be implemented.
He first posted the idea on 7/31 just before Code Red started heating up again. Using the Trinux (http://www.thrinux.org) linux distribution, he cobbled together a floppy boot image that, with unused ip addresses and an old machine, can be used to slow the scans by responding to the initial TCP three way handshake and then ignoring everything else. The automated scanner has to time out before that thread can move on. According to reports on the SANS Intrusions discussion list, it seems to slow all variants of Code Red and on RPC scans as well.
His announcement of LaBrea is at: http://www.incidents.org/archives/intrusions/msg01 368.html
Slashdot Mirror
Thanks. I'm an idoit.
That makes much more sense. My mistaken reading of it was quite a surprise to me.
According to Internet Traffice Report, overall global traffic is down the last three days. Not that it shows the whole picture. I'm sure that the shape of that traffic in the last few days has changed dramatically.
Of course, the best way to defeat this kind of trojan is simply to use a firewall and block the ports being used to remotly configure the hidden driver. So then, the worrying part is not the trojan itself, but the competancy of the average user...
Unless of course that trojan actually intercepts and modifies those system calls.
OK, folks. Relevant material from exhibit D.
IARNAL (I am REALLY not a lawyer) and this starts to get into conflicting clauses. In my comments below, I will try to separate what it says from what I think it means. I will not, however, be typing in large portions of the relevant agreement. Go check out SCO's pdfs for that.
Here goes:
Exhibits A and B represent signed licensing agreements between AT&T and IBM from the mid-80's. Appendix C is a letter of understanding between IBM and AT&T from the same period that both changes some clauses and further elucidates the exact meanuing of exhibits A and B.
Exhibit D is the licensing agreement between SCO/Novell and IBM from 1996.
Exhibit E is the letter from 6 March 2003 from SCO to IBM indicating the specific violations of the agreements and invoking a 2 month notice to terminate IBM's license. THIS IS REALLY WHERE SOMEONE SHOULD START READING IF YOU WANT TO WORK THROUGH THIS.
Relevant material in Exhibit D:
Page 5, item number 6.
WHAT IT SAYS: This item is titled "Restriction on Fully Paid up License." (Exhibit D is an agreement whereby IBM makes a $10 million payment to SCO in exchange for being fully paid up on all royalties due under the original AT&T agreements. It doesn't give them carte blanche. It merely states that assuming the numbers of licenses, etc. . . agreed to in the mid-80s are adhered to then IBM has fulfilled all monetary obligations.) Anyway, item 6 states that for a 5 year period starting 1 Jan 1996 the grant of license only applies to AIX on the "Power, PowerPC and Power2 architectures." After that 5 year period the royalty relief applies to anything IBM releases. This paragraph also removes the provision I mention in the parent post that states "employees of LICENSEE shall not refer to the physical documents and materials comprising SOFTWARE PRODUCTS subject to this agreement when they are developing any such product or service or providing any such service"
WHAT I THINK IT MEANS: I'm not completely sure. This defitely would seem to preclude IBM from offering AIX on Intel. Or from offering another Unix operating system on another CPU architecture, assuming that Unix system was basically derived from AIX/AT&T Unix. However, the removal of the clause not allowing employees to refer to source code or documentation when using material to create "products or services employing ideas, concepts, [and] know-how" would seem to imply that IBM could use the IP contained in it for other products as long as it wasn't based on AT&T Unix. I'd say you can clearly argue that Linux isn't based on AT&T Unix. However, the question is whether any of the IBM contributed code based on that. This paragraph 9 *may* be read to preclude IBM from contributing that code to Linux--again assuming it is contributing code developed by AT&T. I am not a kernel hacker, but I find this unlikely.
Page 12 (section 3.04 and 3.06). This comes from the relevant "Reference Source Code" agreement between SCO and IBM. Section 3 relates to the confidentiality of the code and is thus the NDA.
WHAT IT SAYS: 3.04 reads in part "YOUR obligations under this section shall not apply to a particular portion of the REFERENCE SOFTWARE PRODUCT which . . . (v) is independently developed by you with the use of the REFERENCE SOFTWARE PRODUCT or SOFTWARE DERIVATIVE.
WHAT I THINK IT MEANS: This would seem to state that IBM can use concepts embodied in the software to create other software. It can even refer to the relevant SCO software in doing so. Again, we seem to have some conflicts between various clauses of agreements. I suppose this boils down to whether Linux code as contributed by IBM represents a Unix operating system on non PowerPC architectures.
WHAT IT SAYS: 3.06. Not going to give a full quote here, but it basically says that IBM employees that have viewed source code can use that general knowledge when working on other projects so long as the employee doesn't review SCO code while working on other projects and doesn't take notes or attempt to memorize code or concepts when he is working with SCO source code. However, this paragraph ends with this ominous phrase "However, nothing in this paragraph shall affect SCO's rights under patent or copyright laws."
WHAT I THINK IT MEANS: Here SCO has specifically written in a reservation of patent and copyright ownership. However, it only applies to this paragraph. The paragraph in question, 3.06, would seem to directly contradict and further restrict an employees ability to examine source code while working on other products.
In conclusion, I do not have any answers. There seem to be conflicting clauses relating to IBM's ability to use concepts derived from looking at SCO code. There also appears to be an explicit reservation of patent IP rights under this agreement. That seems to be the strongest leg that SCO has to stand on. Conversely, there are also multiple references to the ability of IBM to use concepts contained in the code in other products. I don't know what the answer is, but I hope my two brief summaries here can help enlighten the debate.
IANAL. However, I am trying to read through the exhibits SCO provided on its website. I have not looked at all of them, but I couldn't resist passing this on. Their exhibit C is a letter of understanding between AT&T and IBM which re-writes some of the clauses of the contract and license in an earlier exhibit.
I would point people to the 4th page of the pdf file, which addresses clause 7.06a of an earlier agreement. It reads in part:
"LICENSSE agrees that it shall hold SOFTWARE PRODUCT subject to this agreement in confidence for AT&T. . . . Nothing in this agreement shall prevent LICENSEE from developing or marketing products or services employing ideas, concepts, know-how of techniques relating to data processing embodied in SOFTWAR PRODUCTS subject to this agreement, provided that LICENSEE shall not copy any code from such SOFTWARE PRODUCTS into any such product or in connection with any such service and employees of LICENSEE shall not refer to the physical documents and materials comprising SOFTWARE PRODUCTS subject to this agreement when they are developing any such product or service or providing any such service. If information relating to a SOFTWARE PRODUCT subject to this agreement at any time becomes available without restriction to the general public by acts not attributable to LICENSEE or its employees, LICENSEES obligations under this section shall not apply to such information after such time."
Now, I've not glanced at exhibits D and E and have not read completely exhibits A,B and C. However, this clause, if not overridden in D or E, would seem to me (remember IANAL) to give IBM the right to use IP embedded in licensed code to produce other code or services. It would even seem to allow people who have worked with licensed code to work on the new project so long as they do not refer to licensed code or documentation while working on the new project.
So, even if IBM took SCO intellectual property and placed it into Linux, so long as they didn't copy SCO owned code or look at while working on the Linux code, it seems to me that it would have been perfectly legal under the contracts for IBM to co-opt SCO owned IP and place it under the GPL in Linux.
Anyone read it differently?
Actually, it isn't quite the same thing. What spamd does is to use up resources on open proxies by sending back a bunch of bounces. He identifies these by using SPEWS, or some other list of open proxies. The side effect of this is that you will be bouncing all messages from them. If you are unfortunate enough to have a business relationship with someone with an open proxy, then you have just stopped any ability to communicate via e-mail by running spamd.
However, if the idea suggested in the article are implemented, you will still be using up resources on the open proxy, but only for those messages that are actually spam. You can still receive e-mail from idiots running open proxies if you have the misfortune of needing to.
Tom Liston came up with a cool idea for slowing Code Red and other TCP port scanners. He didn't have the bandwidth to host it, and I offered. So, this is a shameless plug, but if we can get enough of us doing this and get some press coverage, it's a great story that shows the power and speed with which open source solutions can be implemented. He first posted the idea on 7/31 just before Code Red started heating up again. Using the Trinux (http://www.thrinux.org) linux distribution, he cobbled together a floppy boot image that, with unused ip addresses and an old machine, can be used to slow the scans by responding to the initial TCP three way handshake and then ignoring everything else. The automated scanner has to time out before that thread can move on. According to reports on the SANS Intrusions discussion list, it seems to slow all variants of Code Red and on RPC scans as well. His announcement of LaBrea is at: http://www.incidents.org/archives/intrusions/msg01 368.html