October 2011

Monthly Archives

  • Kevin Mitnick’s New Book


    A Take on Kevin Mitnick’s New Book (from a Software Attorney)


    Ok, if you have not heard of Kevin Mitnick and you are in the software industry, then he is someone you need to know about. He is probably the most notorious hacker in US history, and he released his new book Ghost in the Wires (A 5 Star Rated Book on Amazon.com) a few months ago.

    So here are some takeaways from the perspective of a software attorney who represents only Software, SaaS and IT services companies.

    1) Read the Book. Ok, I get that this is circular logic, but you will learn things that I think you cannot learn other than by reading the book. What I am trying to say here is that the way he describes how he moved effortlessly in and out of a tech company’s systems, stole source code, and gained direct access to developers is nothing short of amazing. Without getting a real gut feel for this by reading the book, the importance of this book will be missed.

    2) The Weakest Link in Your Security. Kevin Mitnick coined the phrase ‘social engineering’ and you need to know about it (there is even a wiki page dedicated to it). Essentially it is all about how a hacker uses trickery and deception to get information to gain access to a computer system. In other words, it is all about the human element. No matter how great your company’s technical and physical security …

  • Third Party Demo and Test Licensing: What You Need to Know!




    Ok, let me see if I can explain this issue a little better.

    • Can you use third party software (for example, Microsoft’s SQL Server) in your partner’s demo lab for testing your software?
    • Can you go onsite to a prospect and use/leave SQL Server in a demonstration environment for 3 weeks, so they can test your software?

    While you may not run into this issue every day, this is becoming a much more common licensing issue. The Lady Licensing Blog did a great job of addressing this, so I thought I would give her some recognition for the post and of course, add some of my own thoughts on the subject.

    So here goes.

    1) Check your License Agreement. While I am sure you had thought of this, I wanted to remind you, as this is where the rubber meets the road. It is ok to look at an FAQ or other online guide, but you should make sure that the actual license agreement specifically allows you to perform the specific demo and test activities (especially offsite). The Lady Licensing Post addressed this issue in her post (with a useful chart AND the license wording).

    2) An Internal Use License is Not Enough. The key here is you need the specific right to use the third party software offsite, and specifically for “End User Testing,” “End User Demonstration,” etc. This specific wording is addressed in her blog, but I thought I would reproduce it here as