Re: Virus to Virus Idea
From: Chet Uber (eidetic@mindspring.com)Date: 08/31/01
- Previous message: Dave_Chen@mcgraw-hill.com: "Log file data reduction tools"
- Next in thread: Chet Uber: "Re: Virus to Virus Idea"
- Reply: Chet Uber: "Re: Virus to Virus Idea"
- Reply: Jonathan Hale: "Re: Virus to Virus Idea"
- Reply: Chet Uber: "Re: Virus to Virus Idea"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B8F9DD6.604EBAEE@mindspring.com> Date: Fri, 31 Aug 2001 09:23:18 -0500 From: Chet Uber <eidetic@mindspring.com> To: Cavell.McDermott@apw.com Subject: Re: Virus to Virus Idea
Your logic is sound, but your interpretation of the law is not. You may
connect to someone's computer without their permission as long as you
access a service that is publicly available. There was no issue with
executing the debug option in sendmail, or finger; nor is their today.
This is a fine line I grant you, and I agree with you about the
potential liability by being the previous author of code; but it is not
as simple as generically being able to say that any access is illegal.
If you put up a publicly accessible machine, and you do not put up THE
PROPER banners, and do not secure your machine -- that is tantamount to
invitation.
There is also the issue of intent. If I am a security professional, or
arguably someone writing intelligent agent software for an e-commerce
project, and someone takes my test code; it can be shown that while I
had opportunity, I had not intention and no motive.
I am not a lawyer, and I don't play one on TV; however I do employ one
and have been through the system from the victims side. I would not want
to be the worm writer in the scenario you paint, but the current laws
and legal system have to many holes to make the blanket statement.
Just my two cents.
Regards,
Chet Uber
Cavell.McDermott@apw.com wrote:
>
> This unfortunately was already done, and instead of doing what it should
> have, it added yet another back door to the machines that it worked on. In
> theory its great, but anybody can grab a copy of it, change the code a bit,
> and you've got yourself another virus to defend against. One of the first
> worms created was supposed to help people out - ended up causing way more
> problems. And plus you'd have to deal with the legal implications of
> creating a worm - a program that connects to people's computers without
> their permission. Which is very against the law. Even if you mean well.
> So let's say you create a 'good' worm, and send it off to get rid of some
> other worm or virus. Someone gets ahold of it and causes $$$ damage to a
> bunch of companies, etc. You're going to be held liable for it.
> Best thing to do is for people to take care of their own systems,
> keeping them up to date. Safest thing for everybody all the way around, if
> not the most efficient.
>
> Best regards,
>
> Cavell McDermott
> APW Ltd. - Texas Campus
> 214-343-1400 - Main
> 214-355-2039 - Helpdesk
> 214-341-9950 - Fax
> http://www.apw.com
>
>
> "sari sari"
> <sarisocks@vi To: SECURITY-BASICS@securityfocus.com
> sto.com> cc:
> Sent by: Subject: Virus to Virus Idea
> sarisocks@vis
> to.com
>
>
> 08/29/2001
> 09:07 PM
> Please
> respond to
> sarisocks
>
>
>
> Here's an idea for debate:
> Some creates a virus, whether code red or another, and shoots it off to
> infect and destroy. Whatever the case. Why not have someone create a
> program/anti-virus virus that proprogates itself to computers, thats sole
> purpose is to go around and install the patches to defend?
> The obvious would be more traffic, but could the advantages out weight the
> disadvantages?¿
>
> Tuchus
>
> bye4now!
> sari!
>
> -Perception is the only reality,
> and mind games are the twist of perception-
>
> ___________________________________________________________________________
> Visit http://www.visto.com.
> Find out how companies are linking mobile users to the
> enterprise with Visto.
--Chet Uber, Senior Advisor SecurityPosture Information Assurance & Information Security vmail 402.498.2673 eidetic@mindspring.com http://www.securityposture.com
If you are not the intended recipient be advised that you have received this email in error and any use, dissemination, forwarding, printing or copying of it is strictly prohibited. It is the responsibility of the addressee to scan this mail and any attachments for computer viruses or other defects. The sender does not accept liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached.
---------------------------------------------- "Are You In A Security State Of Mind?" (c) 1998-2001. Chet Uber. All Rights Reserved. ----------------------------------------------
- Previous message: Dave_Chen@mcgraw-hill.com: "Log file data reduction tools"
- Next in thread: Chet Uber: "Re: Virus to Virus Idea"
- Reply: Chet Uber: "Re: Virus to Virus Idea"
- Reply: Jonathan Hale: "Re: Virus to Virus Idea"
- Reply: Chet Uber: "Re: Virus to Virus Idea"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
