ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #183 [Re: Disassembled virus?] (1 message, 1065 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: rick@seismo.CSS.GOV (Rick Adams)
Date: Tue 23:19:45 08/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 181] [Thread Next: 185] [Message Prev: 184] [Message Next: 188]
The biggest reason TO publish it is to dismiss the false sense of security that you seem to have from not publishing it. The part that really surprises me is that you think the typical grad student is too stupid to turn algorithms into code. (After all, you're willing to publicize the algorithms...) Your "parallel" is quite poor and doesn't seem at all relevant. A reasonable parallel to the plutonium in your story would be an undiscovered security hole, NOT the code itself. (Also, I'm not convinced that a 5 megaton explosion in NYC would be a bad thing, but thats another topic). Are you worried that university physics depts are teaching students enough knowledge for them to make bombs? I'm not. I understand that the knowledge necessary to make an a-bomb is relatively simple. The difficulty is in obtaining the parts and skill to assemble them. Do you honestly believe that not having an existing bomb to disassemble would be big problem? I think you've said it all without realizing it. You say "The virus source code won't tell you anything that's been published on the list". Presuming that you meant to type "that hasn't been published on the list", that is the PERFECT argument for publishing it. You said yourself that there was no new information to be gained from it. So whats the problem? I still haven't heard a convincing argument that it makes ANY difference either way. Therefor, the fact that I am curious and want to see it is enough reason to publish it. Don't delude people into thinking that your safeguarding of the code makes them more secure. It doesn't.
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|