| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun May 15 01:22:07 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: RE: Bening Worms (Cosmin Stejerean) Stejerean, Cosmin wrote: > I think you are going a little overboard with this kind of response. The guy Nope. The guy is clearly a chopper. Ten minutes "research" with Google would have shown him that "benign" worms aren't, and only a very narrow fringe of mostly highly marginal IT folk think that the idea is worth more than immediately flushing down the toilet. Further, among those who do think it might be a good idea or one worth studying, that support falls off very quickly with actual, relevant academic or work experience. His floating such a stupid, time-worn, discredited notion, which he so easily could have found to be such, in this list is much more closely akin to trolling than "research". > had a couple of questions about "benign worms." If you are going to provide > some useful feedback then go ahead and do it. If you are going to write an > insulting email you should probably think twice about it. Thanks for the advice. I've filed it where my experience tells me it should be filed... <<big snip>> > If I recall properly Stanford also used similar techniques to get rid of MS > Blast on their networks especially from laptop machines that were infected. > They had no administrative control over those machines yet the machines > posed a threat and the threat had to be eliminated. Assuming this is a correct recollection of whatever... Run that past us again -- Stanford had machines on their network that posed a risk to the rest of their network BUT the Stanford IT folk had no administrative rights to those machines? They couldn't configure their network infrastructure so it didn't offer an IP to these "anonymous" threats or at least configure it so it wouldn't route their traffic? If there really was a "need" to allow such anonymous machines to come and go from their network, why had they not configured their network so it only allowed such "anonymous" machines very limited access (such as putting them in a separate sub-net so they screwed with each other but not with "Stanford real", and that, perhaps, only had very limited off-site access through their firewalls)? Sounds like Stanford runs (ran?) a _really_ screwed-up network... Worse though, you seem to imply that it was alright for Stanford to take action against those machines by exploiting a vulnerability on them to "fix" the threat posed to Stanford's network. That is clearly wrong, both ethically and legally. By acting as you suggest, Stanford would almost certainly have been exposing itself criminally (and quite possibly federally -- what are the odds that at least one of those laptops "belonged" to someone doing "critical" US government work on contract, or pretty much any work relating to the banking, or other "critical commerce", industries). Stanford could have legally and "rightly" acted by denying further access to its network from machines it had no administrative control over, but of course that would have required it to have already designed and implemented a better network infrastructure than it seems they had in place. Their lack of forethought in that regard in no way justifies their unethical (and almost certainly illegal) actions. Regards, Nick FitzGerald
Powered by blists - more mailing lists