E-Soft (e-soft.co.uk) Uses Bogus Copyright Claims to Stifle Research

Mon May 28 17:38:16 CDT 2012


Research Eric Romang, based in Luxembourg, created a video showing a demonstration of the Metasploit Digital Music Pad SEH overflow exploitation module (EDB-ID-15134, Metasploit exploit/windows/fileformat/digital_music_pad_pls). The video was posted to YouTube in February 2011 to accompany his blog post. In May 2012, Romang received an email from YouTube saying that the video had been removed due to a copyright complaint from E-Soft.co.uk, the vendor of Digital Music Pad.

Dear [redacted username]:

We have disabled the following material as a result of a third-party notification 
from E-Soft.co.uk claiming that this material is infringing:

EDB-ID-15134 : Digital Music Pad SEH overflow
http://www.youtube.com/watch?v=Z0Y9zfe6zkQ

Please Note: Repeat incidents of copyright infringement will result in the deletion of your account and 
all videos uploaded to that account.  In order to prevent this from happening, please delete any videos to 
which you do not own the rights, and  refrain from uploading additional videos that infringe on the 
copyrights of others. For more information about YouTube's copyright policy, please read the "Copyright 
Tips" guide: http://www.youtube.com/t/howto_copyright.

If one of your postings has been misidentified as infringing, you may submit a counter-notification. 
Information about this process is in our Help Center:
http://www.youtube.com/t/copyright_counter

Please note that there may be severe legal consequences for filing a false or bad-faith notice.

Sincerely,
The YouTube Team

It is interesting that YouTube discourages users from filing a counter-notification, saying "may be severe legal consequences for filing a false or bad-faith notice". One has to wonder if they warn the person making the complaint of the same thing?

At the time of the video creation and posting, the affected software was freely downloaded from the vendor web site. The video does not use any other sound or materials from the vendor site and does not use any music that may be copyrighted. The video was created for educational purposes, to help other security researchers better understand how to use a Metasploit module. The video appears in a second location on YouTube, uploaded by someone other than Romang:



Romang questioned YouTube's decision to remove the video, asking what basis it was removed for "copyright infringement". YouTube responded saying that Stephen Edwards from E-Soft.co.uk claimed:

Software: "Digital Music Pad" *Software interface is shown *Enables illegal copying of the software

This claim is absurd and not a valid copyright complaint. First, the software was freely downloaded from their web site, allowing anyone to install it and use it. This would better permit them to "illegally copy the software". If Edwards meant that a competitor could "copy" the interface, then the claim is just as absurd. Second, E-Soft's web site contains pages and documentation that also shows the exact same content.

It is clear that Edwards and E-Soft.co.uk do not understand copyright, and are using a bogus copyright claim in an attempt to help hide the research that demonstrates their product has a vulnerability.




Copyright 2012 by Attrition.org. Permission is granted to quote, reprint or redistribute provided the text is not altered, and appropriate credit is given.


main page ATTRITION feedback