Vulnerability Development mailing list archives
Re: What to do with a vulerability?
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 23 Jan 2003 14:57:30 -0800
Jason Coombs wrote:
Viral vs. non-viral is an unimportant distinction -- if you choose to engage in this business, be sure you can document your good intentions and your legal forensic procedures because they are your only legal defense against prosecution. Persecution, on the other hand, is a given.
Oh, I dunno. I think it would be a lot harder to make a case for innocent intentions if the code were written in viral/worm form. In this instance, what *appears* to be under discussion is a technique for process hiding. That's not even an exploit per se. On the whole spectrum of programs that someone might take offense to, that's not too bad. I think that the question of viruses and worms came up only because the person who made the discovery assumes that malicious code would be the main consumer of such a technique.
I wish I could simply roll my eyes at your statement that releasing an exploit or technique might make one an accessory to a crime, but sadly I fear your concern now has a basis, and I can't dismiss it outright anymore.
BB
Current thread:
- What to do with a vulerability? Oliver Lavery (Jan 17)
- Re: What to do with a vulerability? Blue Boar (Jan 20)
- <Possible follow-ups>
- Re: What to do with a vulerability? The Blueberry (Jan 23)
- Re: What to do with a vulerability? Blue Boar (Jan 24)