lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1207934825-1123814516-cardhu_blackberry.rim.net-26324-@engine37>
Date: Fri Aug 12 03:42:05 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: Help put a stop to incompetent
	computerforensics

J.A. Terranson wrote:
> The simple fact of the matter is that
> "what matters" *IS* the definition,
> and you full well know it.  What
> happened here is you slipped and
> fell, and rather than admitting it
> you're crying foul - shame on you!

I didn't disagree that the broader definition of Trojan was completely unknown to me. How did I miss it? Was it me who slipped and fell, because I was being careless, or is there more to the story... This was and is a good question.

In my entire life I have not encountered a real-world use of the term Trojan where the software at issue did not grant remote access to an attacker after the Trojan infection occurred.

Now we use other terms like spyware to classify what I have recently learned used to be called Trojans.

My conclusion is that I slipped and fell because the definition has changed and computer dictionaries haven't caught up yet.

As for whether or not you'd roast me in front of the judge,

'Your honor, the evidence shows that the term Trojan hasn't been used in practice since before public dial-up access to the Internet first became possible. The parties clearly have adopted other language to describe the software in question in this case and they have formalized this language in contract. I believe that there was no definition of Trojan set forth in the contract because, your honor, neither party believed that the term Trojan needed a definition, because it's obvious to anyone with a high school education what the word Trojan means. Its only meaning to this contract (or in this patent) is the common sense meaning, regardless of the computer dictionary definitions and computer expert testimony dating back to the 1960s that the opposing counsel and opposing experts would have this court believe was in the mind of the parties (or the inventor) when they drafted this contract (or patent claim).

We're all familiar with, and have experienced, the broadening of the meaning of familiar terminology. However, the narrowing of the meaning of familiar terminology can and does also occur. I conclude, and it is my opinion, that just such a narrowing has occurred and is occurring with respect to Trojan as the term is applied and used in computing.

Who roasts who at trial? It depends on the evidence, and so far I haven't seen anything other than dictionaries that disagree with my argument above. You probably know that dictionaries are written by people, and even with peer review that often leaves room for mistakes.

Of course my argument was born out of the pain caused by my fall. But that doesn't make the argument invalid. So many people share my definition of Trojan that those of you who think you can dismiss it as wrong simply have to think twice.

Cheers,

Jason Coombs
jasonc@...ence.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ