funsec mailing list archives

Re[2]: Get your computer viruses here!


From: Pierre Vandevenne <pierre () datarescue com>
Date: Wed, 28 Dec 2005 21:23:54 +0100

Good Day,

vs> I'll say again, you might as well send google the same emails you are sending
vs> me since Mr. McNasty (related to mcdonald maybe?) can do the same thing with
vs> google.

That's a complex argument to tackle. The same applies, in many ways,
to the use of reverse engineering for lawful (and probably essential,
such as malware analysis) purposes and the unlawful ones (such as
obtaining a zero day exploit to f*** up your enemy's server). One can
go up as far as one likes. The hex editor. The disassembler. The
debugger. The compiler used to write a disassembler/debugger. The
editor used in the process... I have spent a lot of time thinking
about this, and don't have clear-cut answers or nice certainties.

When in doubt, I would advise prudence.

vs> I'm actually getting lots of contributions and feedback from some of the
vs> people I respect most in the security community.

The numbers of "I am", "I respect", "I cut off if", etc... arguments you
are using tend to suggest at least a weak level of
closed-mindedness/egomania. After all, we all do respect people we agree with
anyway. Besides, playing God, or King Solomon (as in "I kick off
abusers") is fun.  That sounds like "your" project/kingdom and no amount of
arguing will move you away from it. Arguing about it will stir the
pot and generate traffic.

vs> is growing in a positive way in spite of its evil possibilities. I'll be
vs> honest I've gotten around 50 - 60 thousand hits, and tons of email and yours
vs> has been the only negative one so far. Maybe the others who feel as you do
vs> have given up already as well?

That's the "majority" argument pushed to the extreme. The "majority"
isn't always right. If it was, you'd fall off the end of the earth
walking past the edge.

vs> I guess what you haven't convinced me of yet is how "malware" is any
vs> different from any other object in existence which can be used for both good
vs> or evil. I could stand on the corner selling rocks which people could use to
vs> study or to bash someone over the head with. How is that much different?

Ah, that's an easy one. With a rock you, or I, can break one another's
skull. Network aware algorithmic things can do incredible amounts of
damage to untold numbers of people. With increased power comes
increased accountability. Now, I have to agree that the infrastructure
is too weak and that the main culprits are either the feature greedy
users or the features happy sellers. However, we can't plead ignorance
about the possible consequences of our actions.

vs> Just to be clear, in no way am I trying to "flame" you. I really do want a
vs> diversity of ideas and opinions but I like to keep a bit of humor in any
vs> debate. So please keep the thoughts coming, I'm greatly enjoying the
vs> discussion.

When Dr Solly had a financial interest in this, I confess I believed
he was mostly motivated by protecting his own turf. The fact that he
is somewhat disconnected today gives, at least in my eyes, more weight
to his opinions.

As far as I am concerned, a world where everyone hacks and attacks
everyone, and where the paranoid in us feels compelled to investigate
everything down to the last bit would probably be directly profitable.

However, and against my current direct financial interest, I favour a
less turbulent cyberspace so that my children and less technically
aware internet users can benefit, without risks, from the real
IT/networks benefits.

Now, I realize that by saying this I sound like a benevolent idiot.
Feel free to shoot.

-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

