Re: [ISN] Virus Writers Here to 'Help'

From: InfoSec News (isnat_private)
Date: Wed Jan 09 2002 - 03:57:32 PST

  • Next message: InfoSec News: "[ISN] New virus first to infect Macromedia Flash"

    Forwarded from: Robert G. Ferrell <rferrellat_private>
    > "Better that you find out about a hole in your system through my
    > virus, than through some unethical cracker smashing into your
    > machine and stealing all your so-called private data," said a worm
    > writer who asked only to be identified as CAT (for "Criminal and
    > Anonymous Terrorist").
    I'm really tired of this sorry excuse for an argument.  Releasing
    malicious viral code as a "public service" is the equivalent of
    walking down a neighborhood street with an axe and chopping at every
    door you pass.  If the door collapses, you then explain to the angry
    resident that they need a stronger door, and that you were only trying
    to point out their flawed security.
    "Better that you find out about a weak door through my axe, than
    through some unethical burglar smashing through your door and stealing
    all your so-called private property."
    Allow me to point out some things that I seldom see brought up in
    discussions about this sort of 'reverse vigilantism:'
    1) My security, be it strong or weak, is my business, not yours. If I
    get broken into by an "unethical cracker," I'll deal with it.  Keep
    your unsolicited advice to yourself.  The world is a much more
    complicated place than you can imagine.  Perhaps, if you're lucky,
    you'll grow up one day and see this for yourself.  Simply being able
    to use exploit scripts, or even mastering 0-day exploit creation,
    doesn't confer either the necessary wisdom or the moral right to force
    your notion of security on other people. Just because you're smart
    enough to build a gun from scratch doesn't mean it's okay to shoot
    people with it.
    2) The 'noble quest for knowledge' that I see so frequently quoted as
    a rationalization for breaking into other people's systems (badly
    paraphrased from "The Hacker's Manifesto") is a myth.  The only
    knowledge to be gained from cracking a system in the vast majority of
    cases is knowledge about personal details stored on the system in
    question, be it corporate or private, and this knowledge is definitely
    none of your business, either.
    Let's just drop this whole "public service" charade and tell it like
    it is:  malicious code writers and Web page defacers are emotional
    adolescents with poorly developed social consciousness and very, very
    skewed morality.  They get a cheap adrenalin rush from running up
    behind people when they aren't looking and hitting them with a brick.
    This isn't a service by any definition of the word, and nor is it
    doing someone a favor.
    It's just simple assault.
    Robert G. Ferrell
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 08:49:50 PST