Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Vulnerability-based IPS Patent

from [Kyle Quest] Network Security [Permanent Link]
Subject: RE: Vulnerability-based IPS Patent
Date: Wed, 5 Apr 2006 14:44:03 -0400 
Some people who's been dealing with IDS and IPS 
products may think that this patent is going to 
be useless...

Believe it or not it's not that unlikely that the patent
can be granted. I know it sounds crazy to people in the 
security field, but it is a reality. I'd like to quote what 
Larry Seltzer mentioned in one of his emails about 
the Pentent Office:

<quote>

"...Bruce Lehman, Patent Office commissioner through much of the 1990s, once
summed up the problem when he said, "We are the patent office, not the
rejection office."

The Patent Office itself gets paid when it grants a patent, creating
pressure on the staff to keep the money coming in. Patent examiners' bonuses
are also based in part on the number of files they close in a year. But the
only way to close a file for good is to grant the patent because an
application that's been denied can always be modified and resubmitted, and
frequently is. So examiners have a direct financial stake in closing
application files by green-lighting the patent.

<end of quote>

Right now, as we speak, Astaro, Barracuda Networks, Blue Coat,
Fortinet, and SonicWall are being sued by ESoft for violating
their "Software Management System Patent", http://tinyurl.com/efhn7 .
This is something that can happen with this patent as well
if it's granted. It's a slightly different case, but it's
an real example in the security field that shows what can
happen when silly patents are granted.

With patents its usually not about who's right or wrong...
Those with bigger pockets (HP's pockets are definitely
pretty big) win even if their patent is a joke. 
That fact alone is a great tool to scare other companies 
into paying up to avoid a painful, time consuming, and costly 
legal battle that may not result in the correct resolution.

Kyle


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS vs. IPS deployment feedback, Andrew Plato
Next by Date:  Re: IDS vs. IPS deployment feedback, Jean-Philippe Luiggi
Previous by Thread:  Vulnerability-based IPS Patent, Kyle Quest
Next by Thread:  Re: System call based IDS for linux?, Olaf Gellert
Indexes:  [Date] [Thread] [Top] [All Lists]