Re: PARASITIC COMPUTING - WHAT'S NEXT

From: Kurt Seifried (bugtraq@seifried.org)
Date: 10/23/01 

Message-ID: <005101c15b4d$fd011300$6400030a@seifried.org>
From: "Kurt Seifried" <bugtraq@seifried.org>
To: "Bartholomew Simpson" <focusyne@yahoo.com>, <focus-ids@securityfocus.com>
Subject: Re: PARASITIC COMPUTING - WHAT'S NEXT
Date: Mon, 22 Oct 2001 17:05:05 -0600

This raises some interesting question. If you connect to my server, can I
simply send back a disclaimer of some sort and then ask you to process
stuff? I.e. at what level? "By accessing this website you agree todownload a
java application that will run Seti @home (to name one possible example)". A
reply ICMP ping packet containing the text followed by packets that require
the processing? What if you initiate a connection to me but because of
something I did, like I visit your website which results in your webserver
looking up in-addr-arpa info on my IP?

I think it ultimately doesn't matter much, like many things people will
simply do it, and damn the consequences. Thus the onus (unfortunately) falls
onto the end user, much like anti-virus software, personal firewall,s
keeping software up to date, etc to protect themselves (rmemeber napster? my
ISP sent out email to the effect of "this is a warning, turn off napster if
you are not using it, otherwise we will cheerfully send you a large bill
when you blow your upload limit away. A lot of people were still surprised
and unhappy.). Even if it is a crime that won't stop people from doing it,
and unless large amounts of proovable damage are done you won't get law
enforcement very interested anytime soon.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/