Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Robert A. Seace (ras@slartibartfast.magrathea.com)
Date: 09/07/01


From: "Robert A. Seace" <ras@slartibartfast.magrathea.com>
Message-Id: <200109072032.QAA29952@slartibartfast.magrathea.com>
Subject: Re: coding (was: Re: CodeGreen beta release  (idq-patcher/antiCodeRed/etc.)
To: davids@webmaster.com (David Schwartz)
Date: Fri, 7 Sep 2001 16:32:28 -0400 (EDT)

In the profound words of David Schwartz:
>
> Malicious code and exploit code, on the other hand, is more like a
> cigarette that kills you instantly or a gun that blows up when you squeeze
> the trigger. They're interesting to talk about and look at, but there is no
> moral application for them.

        Bullshit! There are PLENTY of "moral applications" for exploit
code... Just to name a few: testing your own servers to see if they
are vulnerable; testing your servers after patching to verify the
patch actually worked as advertized; using the exploit in an authorized
penetration test type of scenario; demonstrating to clueless higher
management at your place of employment the need for applying that
patch that they are so reluctant to do; studying the code for educational
purposes, to learn how it works, possibly for the purpose of developing
something to guard against it; etc... There are many, many legitimate,
"moral" uses for exploit code... Code is just like any other tool:
it can be used for either good or bad purposes... It's not inherent
in its design which you use it for... There is no "good" or "bad"
code; only code... Plenty of so-called "good" programs have been
used for very bad purposes... And, plenty of so-called "bad" programs
have been used for very good purposes...

-- 
||========================================================================||
||    Rob Seace    ||               URL              || ras@magrathea.com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob@wordstock.com ||
||========================================================================||
"Trouble with a long journey like this is that you end up just talking to
 yourself a lot, which gets terribly boring because half the time you
 know what you're going to say next." - TRATEOTU



Relevant Pages

  • Re: A favor using NSLOOKUP please
    ... internet cache servers for purposes of serving up heavily requested files. ... Victoria's Secret also hires them to handle the load for some internet ... "grunt work" so that each company does not have to have huge server farms ...
    (microsoft.public.security)
  • Re: USPS Web Tools
    ... USPS allows access to their servers only for specific purposes. ... > Has anyone integrated a VFP app with the USPS web tools XML based servers? ...
    (microsoft.public.fox.programmer.exchange)
  • [SLE] logrotate freezes server
    ... Most of them serve different purposes and exist on ... there are clues that it died during log rotation. ... I have logrotate configured to rotate daily and compress. ... this appears to happen frequently between our servers. ...
    (SuSE)
  • SNMP
    ... I have a number of 2k3 EE servers for various purposes. ... alert messages based on certain criteria. ... Prev by Date: ...
    (microsoft.public.windows.server.general)
  • Willy might subtly smash our painter
    ... Plenty of realistic white frogs will overnight hope the ... purposes. ... offices explicitly shake as the uniform competences say. ... Everyone lean wicked investigators onto the damp japanese locomotive, ...
    (sci.crypt)