Security Incidents mailing list archives
Re: Dutch Police Arrest Kournikova Author.
From: "Jay D. Dyson" <jdyson () TREACHERY NET>
Date: Wed, 14 Feb 2001 16:45:49 -0800
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 14 Feb 2001, Jon O. wrote:
The logic behind this escapes me. You write a virus, you get arrested. You write an exploit, you get credited (as you very well should). I feel that writing exploits helps keep vendors, developers, etc honest and possibly even leads to better code. It also stimulates good programming techniques. Wouldn't it follow that a virus is similar to an exploit in that it uses an application in a new or unplanned way to demostrate a weakness. This also often leads to fixing and correction of weaknesses. Or, should a virus be seen as someone actually attacking your servers with an exploit? If someone writes a virus and posts it to a mailing list in a zipped, dormant state and it gets unzipped and released into the wild, who is responsible then?
I think the primary difference lies in the two big D's: dissemination and deception. In this case, the author engaged in deception for the original dissemination. If he'd released it in non-executable form on, say, the Vuln-Dev list and tossed out caveats regarding its use, he'd have been off the hook. If reports thus far are correct, he distributed the worm from his website with no warning or information regarding the actual payload. So basically he knew what he was doing was destructive and he went to some lengths to conceal it. Therein lies his culpability. - -Jay ( ______ )) .---- "There's always time for a good cup of coffee" ----. >===<--. C|~~| |--------- Jay D. Dyson -- jdyson () treachery net ---------| | = |-' `--' `-There are fates worse than death; most are my hobbies.-' `-----' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBOosYsNCClfiU/BIVAQFn6QQApejJ2N1suE1rRDqXLrTE11Z7NtFKIESc e8/bMlFbBnrXQ+F1p4kjSPXB1ij8j6Nr6JLqUy9J1/Z60fwb4hTsrdJNX0xJ9oqj K+RU4F1b3xuUDRZ58TFEo1QbQ22UPF486hNxJ2RtpVsduh6Y6Nfv11oYGurDCqla VFS2Af6kSiE= =MCAJ -----END PGP SIGNATURE-----
Current thread:
- Dutch Police Arrest Kournikova Author. Jay D. Dyson (Feb 14)
- Re: Dutch Police Arrest Kournikova Author. Marnix Petrarca (Feb 14)
- Re: Dutch Police Arrest Kournikova Author. John Oliver (Feb 14)
- <Possible follow-ups>
- Re: Dutch Police Arrest Kournikova Author. Jay D. Dyson (Feb 14)
- Re: Dutch Police Arrest Kournikova Author. Marnix Petrarca (Feb 14)