Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

Date: 09/07/01

Date: Fri, 7 Sep 2001 16:32:28 -0400 (EDT)

In the profound words of David Schwartz:
> Malicious code and exploit code, on the other hand, is more like a
> cigarette that kills you instantly or a gun that blows up when you squeeze
> the trigger. They're interesting to talk about and look at, but there is no
> moral application for them.

        Bullshit! There are PLENTY of "moral applications" for exploit
code... Just to name a few: testing your own servers to see if they
are vulnerable; testing your servers after patching to verify the
patch actually worked as advertised; using the exploit in an authorized
penetration test type of scenario; demonstrating to clueless higher
management at your place of employment the need for applying that
patch that they are so reluctant to do; studying the code for educational
purposes, to learn how it works, possibly for the purpose of developing
something to guard against it; etc... There are many, many legitimate,
"moral" uses for exploit code... Code is just like any other tool:
it can be used for either good or bad purposes... It's not inherent
in its design which you use it for... There is no "good" or "bad"
code; only code... Plenty of so-called "good" programs have been
used for very bad purposes... And, plenty of so-called "bad" programs
have been used for very good purposes...

"Trouble with a long journey like this is that you end up just talking to
 yourself a lot, which gets terribly boring because half the time you
 know what you're going to say next." - TRATEOTU