lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C5A2E1DE24DB9B46AF3BE1530D5F960993D6@webserver.iridium-satellitephones.com>
From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: Re: DoomJuice.A, Mydoom.A source code

Now Nick, don't take this wrong...  but this seems to me to be a case of
closing the barn door after the f***ing hourses already got away.  The
source code is now freely available from many sites, so why not share
with someone who at least seems a bit professional?
 
As four the source code, Riad...  check the following link:
http://www.astalavista.com/index.php?section=dir&id=84
<http://www.astalavista.com/index.php?section=dir&id=84> 
 
Now, I don't generally recommend that site, but hey...  if they got it,
use it...

	-----Original Message----- 
	From: Riad S. Wahby 
	Sent: Mon 2/9/2004 8:29 PM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: [Full-Disclosure] Re: DoomJuice.A, Mydoom.A source code
	
	

	Mr. FitzGerald,
	
	Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
	> I can see how it could be used as an invaluable _publicity_
aid for
	> attracting folk to the class.  However, as a teaching aid, it
is highly
	> unlikely to be of much more or less value than the source of
any of
	> dozens upon dozens of other malwares, and and that value would
be very
	> low...
	
	People won't be attracted to the class based on the source code
I'm
	presenting, as they won't know about it beforehand.  To be sure,
the
	source to any old virus would in fact work, and I will certainly
	consider many others as well in deciding the specifics of the
	cirriculum.  My intent is to emphasize material taken from
issues that
	attendees can relate to directly; undergrads are extremely
unlikely to
	have much personal experience at all with Robert Morris's 1988
worm.
	
	> Unless you are planning on teaching malware _writing_?
	
	Of course not.  The seminar deals with the mechanisms, targets,
and
	psychology of a malware pandemic.
	
	> For folk interested in work in the antivirus and related
security
	> fields, source code is all but worthless.  We rarely have the
source
	> code of the malware we have to analyse -- at least, we rarely
have it
	> in advance of, or concurrent with, having do such analyses.
Reverse
	> engineering is the name of this game and source code is then
useless
	> -- if you have source you need not reverse and if you must
reverse you
	> would not have the source...
	
	The class in question is not about reverse engineering.  It
discusses
	not the response and interdiction from AV companies et cetera,
but the
	underlying social and technical infrastructure upon which
viruses and
	their authors rely.
	
	> Also, from a purely pedagogical perspective (I majored in
Psychology
	> and Education), I find your claim that having the source of
this
	> malware "could be an invaluable teaching aid" deeply
suspicious. 
	> Teaching from the specific is generally superficial, less
long-lasting
	> and generalizes much less well than providing a good
theoretical
	> grounding in the subject matter.  Could you expound the
theoretical
	> applications that presenting this specific malware's source
code to
	> your class would illustrate especially well?
	
	Clearly one must also recognize the importance of providing
	particulars in which to couch the theoretical.  Of course, I'm
not
	going to hand out pages of source and say "this is it kids,
study up."
	Instead, general claims will be augmented with carefully chosen,
	specific examples.
	
	> Finally, whether you obtain this code or not, what aspects of
the
	> ethics of possessing, handling, distributing, etc such code
will be you
	> be teaching?
	
	This is obviously an important topic, and one that I will go to
great
	lengths to stress.
	
	> Personally, I doubt they will be substantial (or even present)
as
	> your initial approach to obtaining the code shows a serious
lack of
	> concern for some significant ethical issues straight off...
	
	I asked people to email me personally; in doing so, I was
attempting
	to contact those who might be of assistance.  Moreover, by
attempting
	to do so in a personal context (off-list) I've implied that I'm
	willing to confirm my identity and describe in greater detail my
	intentions.  As far as I can tell, I have ignored no "ethical
issues"
	in attempting to establish a dialogue with those who might help
me.
	
	> And what controls will you be placing on your students
obtaining,
	> copying, etc the code?  Given your brazenly open and
"uncaring" request
	> here, why should we expect that you will take any special care
with the
	> code and its further distribution to and among those taking
your class
	> and their room-mates, buddies and other contacts?
	
	As I will neither be distributing code in electronic form nor
handing
	out intact code listings, there is little danger that my
students will
	be able to assemble a virus based solely on what I provide.
More to
	the point, and to be quite frank, this is MIT.  The students
here
	don't need someone else's source code to write an email virus;
they
	would, however, be well served to be shown examples germane to
the
	modern virus "landscape."
	
	My request was brief and to the point so as not to waste the
time of
	those it did not concern (a topic on which others might use a
lesson
	or two).  Your claim that it was "uncaring" is completely
without
	basis in fact.  It was an open request because I have nothing to
hide.
	It gave enough information to make initial contact with those
who
	might help me without unduly taxing the schedules of those who
cannot
	or will not.
	
	Mr. FitzGerald, I've read many of your posts to full-disclosure,
and I
	am familiar with the apparent intensity of your personality.
Clearly,
	vigilance in matters such as these is not only appropriate, but
	required.  On the other hand, your surplus of zeal in responding
to my
	message might be viewed by some as an attempt to quash the
responsible
	academic study of an issue of ever-increasing import, or
contemptuous
	holier-than-thou proselytizing based on a questionable
interpretation
	of my intentions.  In the future, I encourage you to temper your
tone
	in order to prevent such misunderstandings.
	
	Sincerely,
	
	--
	Riad Wahby
	rsw@....edu
	MIT VI-2 M.Eng
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html
	

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 9242 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040210/d152c8e8/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ