Re: Get your computer viruses here!

[Roland Dobbins <rdobbins () cisco com>]

I don't know if he has a legal obligation to try and determine how  
his code is being used; the moral obligation is of course outside the  
realm of law and thus completely subjective, in the scheme of  
things.  The futility and the moral hazards of trying to suppress the  
dissemination of information are well-documented (remember the  
debates over the _Anarchist's Cookbook_ in print media, and similar  
brouhahas online?); the 'cure' is often worse than the 'disease'.


On Dec 28, 2005, at 7:12 AM, Drsolly wrote:

> On Tue, 27 Dec 2005, val smith wrote:
>
> > Hi there, thanks for the interest in my site.
> >
> > (Drsolly I was sad to not recieve any more replies from you, I had  
> > hoped to
> > keep dialogue open:( )
>
> You seemed to have already made up your mind, and I wasn't having any
> effect by talking to you.
>
> > I pretty much agree with what Gadi stated and definitly the  
> > intention of the
> > site is white-hat. A simple google search will satisfy most peoples
> > blackhat/vx needs much better than my site ever could.
> >
> > If you login and look around you will see a few things:
> >
> > 1.) It requires a login to access samples and the way its  
> > configured they
> > cant be downloaded automatically from worms, etc. (if someone  
> > finds a bug in
> > this let me know, ill fix it)
>
> But Blackhat McNasty can create a login, and download everything he  
> wants.
>
> > 2.) Accesses are logged (limited usefulness) but its simple for me  
> > to turn
> > accounts / IP's off if I see a problem.
>
> But Blackhat McNasty downloading a bunch of malware won't be seen  
> by you
> as a problem - why should it? You're under the impression that
> distributing malware is equivalent to free speech.
>
> > 3.) You'll see the focus is on analysis, identification and  
> > signatures
> > rather than simply a malware distribution site
>
> Blackhat McNasty doesn't care what your focus is, all he wants it to
> download the malware that you're kindly providing
>
> > 4.) I think im providing some useful services out there. I submit  
> > copies of
> > my samples/analysis to the A/V companies and others like ISC
>
> Blackhat McNasty doesn't care what other services you provide.
>
> > 5.) I've begun converstations with other projects to see how we can
> > collaborate (mwcollect, nepenthes, etc.)
>
> Blackhat McNasty doesn't care who you're getting samples from, but  
> other
> projects might be concerned about who you're distributing them to.  
> I hope
> you're telling them your policy on redistributing malware?
>
> > 6.) I don't develop malware (unless you count exploits as malware  
> > but I dont
> > distribute these here)
>
> Blackhat McNasty doesn't care whatty doesn't care who wrote them, he's
> just happy that he can get them from you.
>
> The big thing missing here is any attempt to determine whether  
> Blackhat
> McNasty is likely to use the malware that you provide him with, for
> malicious purposes.
>
> > Thankfully the country I am in still allows free speech and this  
> > thing isn't
> > illegal according to my research and the opinion of lawyers I have  
> > spoken
> > with.
>
> Speech is free here too, but that doesn't entitle me to whack  
> someone over
> the head and call it "speech". Nor does it entitle you to provide a
> malicious person with the weapons to cause destruction on other  
> people's
> computers, unless you live in a country which doesn't have computer  
> misuse
> laws. You don't mention what country you're in, so I can't say. You  
> have a
> moral and legal obligation to determine whether Blackhat McNasty is  
> likely
> to act maliciously with the malware you provide him with. You're not
> meeting that obligation.
>
> > Gadi its true we dont know each other, however I think we have  
> > some friends
> > in common. I'd look forward to buying you a beer in Vegas this  
> > summer :)
> >
> > Anyway I look forward to hearing more opinions, input and  
> > suggestions.
> > (contributions hopefully?)
>
> I'd be really quite surprised, given your intention to run a malware
> exchange open to anyone who wants to use it, if you'll get much in  
> the way
> of contributions.
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

     Everything has been said.  But nobody listens.

                   -- Roger Shattuck

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.