lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat May 14 00:47:55 2005
From: eric at arcticbears.com (Eric Paynter)
Subject: Benign Worms

On Fri, May 13, 2005 3:49 pm, Benjamin Franz said:
> There are a many laws that turn on facts rather than intent.
>
>    "Lack of criminal intent does not shield a citizen from the BATF. In
> United States v. Thomas, the defendant found a 16- inch-long gun while
> horseback riding. Taking it to be an antique pistol, he pawned it. But it
> turned out to be short-barreled rifle, which should have been registered
> before selling. Although the prosecutor conceded that Thomas lacked
> criminal intent, he was convicted of a felony anyway.[64] The Supreme
> Court's decision in United States v. Freed declared that criminal intent
> was not necessary for a conviction of violation of the Gun Control Act of
> 1968.[65]"
>        David Kopel, in "Trust The People: The Case Against Gun Control"

I think we're getting a little into an argument of semantics. The
defendant did in fact *intend* to sell the weapon, which was against the
law to do. He just wasn't aware of the law. Ignorance of the law does not
protect you.

Try these two scenarios out:

1. I kill somebody with the intent to kill, and then I claim I didn't know
killing was illegal. Most courts would still say murder.

2. I kill somebody because they are attacking me with a lethal weapon. I
know killing is illegal, but my intent is not to kill the other person,
but rather to save myself, and the only way to save myself is to use
lethal force. If I can *prove* my intent was to save myself, then it is
not murder.

Back to the original argument, if the intent is to patch PCs for which I
have the authority to patch, then I'm not doing anything illegal, no
matter what kind of software I create to do it. Even if the worm that I
create somehow gets out, but I can *prove* my intent was for it to not get
out, then even though releasing a worm is illegal, the worst I might get
is criminal negligence for not taking the proper precautions.

Anyhow, I think we all agree that writing a worm to do patch management is
generally a bad idea.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ