Re: [Full-Disclosure] DCOM/RPC story (Analogy)

From: Jarmo Joensuu (j_joensuu_at_yahoo.com)
Date: 08/31/03

  • Next message: madsaxon: "RE: [Full-Disclosure] DCOM/RPC story (Analogy)" 
    To: full-disclosure@lists.netsys.com
Date: Sun, 31 Aug 2003 13:05:30 -0700 (PDT)

    we are into analogies now...

    here's another one:

    A scientist working for al-Qaida invents a new way of
    making a relatively powerful explosive from supplies
    that can be purchased from a grocery store in
    Afghanistan. He wants to make it available for his
    buddies currently working as software programmers at
    Micr...whatever...in the United States, so that they
    can blow up that annoying needle that always looks 5
    times taller than what it actually is in all those
    postcards.

    Anyway, the scientist had a problem: how was he going
    to get the bomb to the 'States? After all, it was not
    practical to send it by postal mail, and with the new
    scrutiny at the U.S. airports, he did not feel
    comfortable to send it with a courier either. He also
    wasn't sure whether his buddies can actually obtain
    the right ingredients from a grocery store in the
    'States. So he decided that he was going to send them
    a pack of the right groceries and a recipe.

    All his buddies had to do was to copy what he had
    done. Albeit not with a hex editor, though.

    I guess that would amount to 'unethical use of kitchen
    equipment'.

    And if the dudes actually succeeded in bombing
    Seattle, there would probably be those who would say
    that "hey...maybe they were not all that bad...maybe
    just wanted to show us the importance of fixing the
    holes in our national security..."

    duh,

    JJ

    --- Kristian Hermansen <khermansen@ht-technology.com>
    wrote:
    > I also agree with you. The kid is guilty of nothing
    > more than "Unethical use of a hex editor". And
    > here's my MAIN FUCKING POINT SO LISTEN UP ALL OF
    > YOU:
    >
    >
    > THE 7000 COMPUTERS THAT HE SUPPOSEDLY INFECTED WOULD
    > HAVE BEEN INFECTED BY THE "ORIGINAL" WORM HAD THEY
    > NOT BEEN COMPROMISED BY HIS VARIANT FIRST. SO
    > WHAT'S THE FUCKING CRIME? READ BELOW...
    >
    >
    > The analogy is this: A scientist drops a monkey
    > infected with the Ebola virus into a large tank
    > containing 20,000 other monkeys. Some monkeys have
    > been given a shot to protect them from infection, so
    > as the virus spreads they do not become a carrier.
    > The outbreak starts at the far west end of the
    > container and is working its way to the east side,
    > infecting every monkey exponentially as they all
    > pass it on to their neighbors. One of the smarter
    > monkeys gets infected and realizes what is
    > happening. For some strange reason this monkey
    > knows that drinking a certain liquid (on the floor
    > of the container) will slightly alter the properties
    > of the virus he has become infected with
    > immediately. He stirs up the other end of the
    > container by hurling a pile of his own feces. Now,
    > the outbreak has not reached that end of the tank
    > yet (but most definitely will in time) and the
    > outbreak is now spreading from the west and east
    > ends toward the center. After the outbreak has
    > reached its infection maximum and looking at all of
    > the dead monkeys on the tank floor, the uninfected
    > monkeys start asking questions as to what the hell
    > happened to their brothers and sisters. Weeks go by
    > and no one has an answer. Finally, one monkey
    > overhears a conversation about how one guy threw his
    > *** all the way across the tank. That's the guy we
    > need to punish they concluded. They apprehend the
    > monkey on his death bed for throwing his own ***
    > and causing the outbreak at the east end of the
    > tank, which supposedly killed 7000 monkeys. They
    > continued looking for the original infectioner, but
    > the scientist was never discovered. Some of the
    > monkeys started to blame God for allowing this
    > infection to be possible. "Why the hell does God
    > want to torture us? We are but mere mortals!",
    > exclaimed one monkey. "God works in funny ways...",
    > sighed another monkey.
    >
    >
    > Kris Hermansen
    > ceo@ht-technology.com
    >
    >
    > On Sat, Aug 30, 2003 at 10:39:53AM -1000, Jason
    > Coombs wrote:
    >
    > > if he made the modifications and gave the modified
    > worm to other people but
    > > didn't cause it to infect anyone else's computers,
    > then what crime is he
    > > guilty of exactly? criminal misuse of a hex
    > editor?
    >
    > it could certainly be argued that the "damage"
    > caused by this copy of the
    > program is no greater than it would have been if his
    > home computer had
    > simply been infected and passed it on in the usual
    > way. in fact, maybe
    > he is even the pioneer of a new art form where
    > people, out of respect for
    > the rights of the autonmous agent, refuse to remove
    > these programs from their
    > computers and use hex editors to tattoo their
    > message onto the worms' backs.
    > i can see web sites with worm poetry -- the random
    > juxtaposition of
    > sentences that trace a particular worm geneaology as
    > it passes across the
    > mesh, perhaps even paper-bound volumes.
    >
    > other than neglecting to install a program with a
    > genocidal attitude
    > towards certain processes, what exactly did this guy
    > do wrong?

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free, easy-to-use web site design software
    http://sitebuilder.yahoo.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: madsaxon: "RE: [Full-Disclosure] DCOM/RPC story (Analogy)"