lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050513162609.GA22462@bitchcake.off.net>
Date: Fri May 13 18:42:56 2005
From: mhoye at neon.polkaroo.net (Mike Hoye)
Subject: Benign Worms

On Fri, May 13, 2005 at 11:13:03AM -0500, k k wrote:
> There is debate surrounding whether releasing benign worms such as Nachi or 
> Welcha, in general is ethical or not.  But network administrators can still 
> create benign worms for their need (not necessarily Nachi or Welcha) and 
> release them in their domain to patch systems.
> 
> 1. Do people do that?  Or at least, have you considered it?

No. It's lunacy. Worms spread through security holes. They are
by-definition uncontrolled. If you have known security holes on a system,
you should be fixing that, not relying on it for software updates.

The worms you are describing are well-intentioned mistakes. Modifying
somebody else's system without their permission is unethical, and if
they're your own systems, you should have way, way better techniques
in place for dealing with upgrades than that.

> 2. If yes, under what conditions would you do that?

I would employ this technique if:

- I were off my medication and drinking my way through a quart of gin,
or 
- I really, really wanted to lose my job.

No sysadmin their right mind would employ the technique you describe
if they wanted to stay in that line of work.

> 3. If not, what prevents you from doing that?

The fact that it naked, gibbering insanity.

-- 
"I have discovered a truly remarkable heresy which this margin is too
small to contain." - Jim Macdonald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ