funsec mailing list archives
Re: So, did the BBC cross the line?
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 14 Mar 2009 15:41:51 -0500 (CDT)
On Sat, 14 Mar 2009, nick hatch wrote:
> I'm honestly curious: you sound very passionate that there is a clear ethical line here somewhere, and I'd hate to miss exactly where you believe it is.
Who does it is clear: we can't stop anyone from doing anything online (or at least, pretty much~). We prefer for it to be people who "know what they are doing". It must be people who are "authorized to do so".

The question of this discussion though, is WHAT are you allowed to do, the who is easy to answer. I have done every single one of these things in the past 15 years, mainly in the late 90s, while developing my idea of what's right and what's wrong with botnets.

So, let's examine our main options. Are you allowed to connect to a botnet and passively listen in?

Passive: Conceivably you can be breaking the law by connecting to, say, an IRC server on a compromised machine. It's pretty white.

Passively using botnet resources: Sending passive commands to the bots via use of their natural control mechanism, i.e., type in a command to an IRC channel where the bots respond. Gray.

Actively using botnet resources: Sending a passive command via the use of their natural control mechanism to perform an action on the network or the machine itself. Example: remove bot. Mostly a useless action as the machine has not been secured, and it is quite possible the user would get reinfected by repeating past activity regardless. The point here, though, is that you cause an action on the remote machine which is more than providing with simple data. Gray to black, depending on circumstance. In an emergency during an attack, I can conceive of doing something of the sort.

Accessing botnet machines: Uploading a new executable (for whatever purposes, even for "removal") is black as they come. Even if you weren't doing it on a machine (or many machines) you do not own, you can be collapsing the remote machine due to simplistic reasons such as lack of RAM. It's executing code and nobody gave you permission to do so. Black, black.

Connecting via network rather than C&C: This can be done for any reason, from controlling the bot to nmapping the compromised host. Should be referenced to list above while making every step one level darker than it was when doing via C&C.

These, of course, are just my opinion. Further, while my ethical convictions on this issue are strong, I am unsure how long they will remain practical.

Gadi.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.