|
|
ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #181 [Re: Disassembled virus?] (1 message, 1137 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/181.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: phage
Date: Tue 21:11:06 08/11/1988 EST
Subject: Re: Disassembled virus?
References:
[Thread Prev: 195]
[Thread Next: 183]
[Message Prev: 180]
[Message Next: 184]
Date: Tue, 8 Nov 88 15:21:34 PST From: garlick%ucsco.UCSC.EDU@UCSCC.UCSC.EDU (Tim Garlick -- UCSC Computer Center) >If worms are outlawed, only outlaws will have worms. If we don't post it, >the world will be less prepared against the people who _do_ have it or who >can decompile and/or reimplement it. > I agree: the more knowledge I have concerning how these things are done, the better prepared I will be to prevent them in the future. The kind of people who can figure out how to do this are going to do it anyway. Of what earthly use is publishing the code that publishing the algoirthm wouldn't satisfy? Everyone knows how to prevent *this* *particular* *virus* --- fix sendmail and fingerd. The rest of the code is the "body" of the virus, and is of no interest to a sysadmin trying to improve security, but of great interest to some twit who wants to write another virus. I can think of exactly one use for the code: so that some idiotic freshman with just enough brains to hear about a secuirty hole can insert the attack into the code, type "cc", and release it to the world. How will posting the virus make people more prepared to deal with these holes? They have already been plugged. A question to those who seem so gung ho on publish the virus: Do you agree with this transformation the above statement? "If we outlaw weapons-grade plutonium, only outlaws will have weapons-grade plutonium. So let's ship it to anyone who wants it.... including terrorists who might use it to make and detonate a 5 megaton bomb in NYC." The parallel is quite good, I think. The virus source code won't tell you anything that's been already published on the list. If someone can think of some other reason why publishing the source code would be a good idea, let me know. - Ted
END OF DOCUMENT
ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |