| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed May 11 17:40:14 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: KSpynix ::: the Unix version of KSpyware? (Proof
Of Concept)
James Tucker wrote:
>Firefox was safe(r) for a time, now exposure has driven it to become a
>viable and "timeworthy" market for the spyware and malware
>communities. The same will come of operating systems and any other
>highly pervasive applications.
>
>
>
Well, yeah, but I still wouldn't be throwing away GNU/Linux just yet on
that front. I would argue that it's still entirely possible to build a
GNU/Linux system that is more secure than a MS Windows system,
relatively speaking. (Note: I am not saying that GNU/Linux doesn't have
its share of security issues and I am not saying that one can't create a
well-secured Windows server.)
However, that's getting off track. That would be getting into system
configuration and design as they relate to vulnerabilities. That's
another discussion altogether.
Going back on track, I wouldn't support the creation of packages such as
this for any OS. I just don't think it's ethical. Like I said, there's
a big difference between a POC and a worm. Coding POCs is just fine, if
it's done ethically. Coding worms as an example, however, is where you
cross the line from just creating a proof of concept and into turning
that proof onto others in order to harm them. Also, I'm not getting
into rights here, I'm just talking about the ethics of the situation.
In the case of spyware, no proof of concept was needed because anyone
with any knowledge of systems at all could tell you that it could be done.
-Barry
Powered by blists - more mailing lists