[1]Research silenced amid copyright, trademark claims

    If you were at BSides Manchester in England this week, you hopefully
    caught James Williams' presentation on the shortcomings of some
    commercial antivirus tools.

    If not, and you hoped to watch it on YouTube, you may be out of luck
    for a while.

    That's because one of the vendors mentioned - SentinelOne - is
    rather upset with the talk, funnily enough titled "Next-gen AV vs my
    shitty code." To stop people seeing it, the Silicon Valley biz filed
    a copyright-infringement complaint to make YouTube remove a
    [2]recording of the presentation from the BSides Manchester channel.

    …

    El Reg has asked for clarification on what exactly the infringing
    content was - because a breach of the antivirus maker's
    terms-of-service is not a valid reason to take down a video - and
    has yet to hear back at the time of publication. We also asked
    Williams to comment on SentinelOne's allegations about bug
    disclosure methods.

    And if you want to see what all the fuss is over, Williams gave a
    very similar talk last month at SteelCon, a hacker gathering in the
    north of England, which happens to be online here…

    [3]Youtube Video

    …and you can find the slides and more resources [4]on GitHub over
    here. ®

  UPDATE: Cory has his take up at Boing Boing, to which I have little to
  add:

  From [5]Antivirus maker Sentinelone uses copyright claims to censor
  video of security research that revealed defects in its products /
  Boing Boing

    Among the companies thus humiliated was Sentinelone, who responded
    by sending a censorship request to Youtube claiming that Williams
    had violated copyright law (presumably Section 1201 of the DMCA,
    which bans bypassing access controls for copyrighted works), its
    terms of service (which corporations and US federal prosecutors have
    said is a violation of the Computer Fraud and Abuse Act) and
    trademark laws (this is pure bullshit, as trademark has an absolute
    "nominative use" defense that allows you to use trademarks to
    identify the products and services they're associated with).

    …

    If you're a Sentinelone customer, you should be really worried.
    Sentinelone argues that their products are "protecting…critical
    global enterprises" - but since Williams' presentation apparently
    demonstrated that the version of their product he analyzed is a
    flaming garbage heap (they don't really dispute this, they merely
    say that he should have been more polite when he outed them for
    their defective goods), they are not actually protecting those
    critical enterprises. They're failing to protect them. So if you
    rely on Sentinelone's products, or worse, if you're a customer of
    one of those "critical global enterprises," then, it seems, you are
    putting your trust in something that is unfit for purpose.

    This is why it's so dangerous that good actors like Mozilla, Tesla
    and Dropbox have published security policies that promise not to sue
    researchers who follow their rules. Because these companies are
    making the case that researchers who don't follow the rules can be
    sued, they are exposing the entire research community to risks from
    bad actors like Sentinelone, who use the "good guys'" arguments to
    justify their own censorship.

    Remember that these legal threats only work against people who don't
    plan on attacking users of the affected products. If you're a
    surveillance contractor or criminal who has found a bug in Mozilla,
    or Dropbox, or Tesla, or Sentinelone, you don't need to worry about
    getting sued for revealing your findings, because you don't plan on
    revealing your findings. You want to keep them secret for as long as
    possible, while you attack the unsuspecting customers of these
    corporations with impunity.

  I am constantly surprised by the hubris of companies that think
  containing security testing in their pre-defined legal box will yield
  much of value. I expected this from Tesla and Dropbox, but that Mozilla
  is employing similar arbitrary constraints further contributes to my
  conflicted relationship with the company.
  Also on:

  [6]Twitter
    __________________________________________________________________

  My original entry is here: [7]SentinelOne makes YouTube delete Bsides
  vid 'cuz it didn't like the way bugs were reported. It posted Sun, 19
  Aug 2018 07:31:07 +0000.
  Filed under: business,

References

  1. http://go.theregister.com/feed/www.theregister.co.uk/2018/08/18/sentinelone_bsides_copyright_takedown/
  2. https://www.youtube.com/watch?v=BYEbhDXgElQ
  3. https://www.youtube.com/watch?v=247m2dwLlO4
  4. https://github.com/two06/Inception/
  5. https://boingboing.net/2018/08/18/sentinelone-v-streisand.html
  6. https://twitter.com/TokyoGringo/status/1031082100605300736
  7. https://www.prjorgensen.com/?p=1489

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.