The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #181 [Re: Disassembled virus?] (1 message, 1137 bytes)
NOTICE: recognises the rights of all third-party works.


From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: phage
Date: Tue 21:11:06 08/11/1988 EST
Subject: Re: Disassembled virus?

   Date: Tue, 8 Nov 88 15:21:34 PST
   From: garlick%ucsco.UCSC.EDU@UCSCC.UCSC.EDU (Tim Garlick -- UCSC
       Computer Center)

   >If worms are outlawed, only outlaws will have worms.  If we don't post it,
   >the world will be less prepared against the people who _do_ have it or who
   >can decompile and/or reimplement it.

   I agree: the more knowledge I have concerning how these things are done,
   the better prepared I will be to prevent them in the future.  The kind
   of people who can figure out how to do this are going to do it anyway.

Of what earthly use is publishing the code that publishing the algorithm
wouldn't satisfy?  Everyone knows how to prevent *this* *particular*
*virus* --- fix sendmail and fingerd.  The rest of the code is the
"body" of the virus, and is of no interest to a sysadmin trying to
improve security, but of great interest to some twit who wants to write
another virus.  I can think of exactly one use for the code:  so that
some idiotic freshman with just enough brains to hear about a security
hole can insert the attack into the code, type "cc", and release it to
the world.

How will posting the virus make people more prepared to deal with these
holes?  They have already been plugged.  A question to those who seem so
gung ho on publishing the virus:  Do you agree with this transformation of
the above statement?

	"If we outlaw weapons-grade plutonium, only outlaws will have
	weapons-grade plutonium.  So let's ship it to anyone who wants
	it.... including terrorists who might use it to make and
	detonate a 5 megaton bomb in NYC."

The parallel is quite good, I think.  The virus source code won't tell
you anything that's been already published on the list.  If someone can
think of some other reason why publishing the source code would be a
good idea, let me know.

						- Ted