| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri May 13 18:42:56 2005 From: mhoye at neon.polkaroo.net (Mike Hoye) Subject: Benign Worms On Fri, May 13, 2005 at 11:13:03AM -0500, k k wrote: > There is debate surrounding whether releasing benign worms such as Nachi or > Welcha, in general is ethical or not. But network administrators can still > create benign worms for their need (not necessarily Nachi or Welcha) and > release them in their domain to patch systems. > > 1. Do people do that? Or at least, have you considered it? No. It's lunacy. Worms spread through security holes. They are by-definition uncontrolled. If you have known security holes on a system, you should be fixing that, not relying on it for software updates. The worms you are describing are well-intentioned mistakes. Modifying somebody else's system without their permission is unethical, and if they're your own systems, you should have way, way better techniques in place for dealing with upgrades than that. > 2. If yes, under what conditions would you do that? I would employ this technique if: - I were off my medication and drinking my way through a quart of gin, or - I really, really wanted to lose my job. No sysadmin their right mind would employ the technique you describe if they wanted to stay in that line of work. > 3. If not, what prevents you from doing that? The fact that it naked, gibbering insanity. -- "I have discovered a truly remarkable heresy which this margin is too small to contain." - Jim Macdonald
Powered by blists - more mailing lists