ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #074 [Re: Disassembled virus?] (1 message, 1901 bytes)
START OF DOCUMENT
From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)
Date: Sun 01:34:13 06/11/1988 EST
Subject: Re: Disassembled virus?
> Keith, I rarely disagree with you this strongly, but frankly I'm rather
> pissed off at you.

This is getting out of hand. I think (hope?) that what the other people on the list are hearing is not what I'm trying to say. Let me try one more time. Then, if you still disagree, I suggest you ask Mike Karels to post a copy (email@example.com).

> I and probably at least a dozen other people on this list are quite capable
> of decompiling the virus without your help. I am also quite capable of
> writing one from scratch that's at least as good and probably better.

This is absolutely true -- you, for example, could decompile it one hell of a lot faster than I could. Without Dave Pare, Donn Seeley and Chris Torek here we'd have been working until sometime next year. To make absolutely sure the record is clear, my part in the decompilation was minimal, at most.

> The challenge, from my point of view would be to do it so that I
> couldn't be traced. Writing the actual virus is child's play by
> comparison.

True -- for you! Not for the people that read comp.unix.questions.

> This "trust me, I know what's good for you" attitude is something I
> would expect from IBM or ATT, but not Berkeley.

We're (I'm) *not* trying to say that. I promise you that we have told you *everything* that is even mildly interesting about the code. I would have no problem giving you or Doug Comer or Gene Spafford copies of the worm. But I do not think it's appropriate to post it to the net or to a mailing list. I think it entirely possible that someone will pull a copy off the net, and try to improve it, or "test it, just for fun". If you can give me a way that I can distribute the code, and then not feel guilty if/when that happens, I'm willing to do it. It seemed a lot simpler to refuse to give anyone the code than to try and figure out who was "trustworthy".

> Why don't you stop the rest of us from wasting their valuable time
> duplicating work that you have already done.
>
> We're adults. Really.

Yes, but are you willing to trust everyone on "phage", let alone everybody that reads USENET? Gene, you created this mailing list, are you willing to "guarantee" that no one on the list will act in an irresponsible manner? Would you be willing to accept legal responsibility to that effect? Actually, that's an interesting question -- if I post the code and someone uses it, am I legally liable? Maybe I should ask the Berkeley lawyers, but we both know what they'll say!

> The truly comical part is you actually think that keeping the
> source to yourself makes any difference.

I'm hoping, I really am.

> One of the basic tenets of computer security is that security
> through obscurity DOES NOT WORK.

We have not been obscure -- everybody that we've been able to reach knows *exactly* how this thing works. I just don't want to put the mechanism onto the net. Surely you can understand that.

> Now I'm tempted to submit a paper to the next USENIX conference
> that goes into explicit detail about how best to write a
> virus for Berkeley UNIX.

If it details security problems and methodologies, I think it's great. You didn't hear me object to the virus paper for January's USENIX! If you want to print source code for such a program, I don't think it's such a good idea.

--keith
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|