> The situation is this: you're either part of the problem, > or you're part of the solution. People can build tools that are > part of the problem, or they're part of the solution. I don't think > anyone in their right mind is going to stand up and throw rocks > at people who produce tools in good faith. It's simply ridiculous > to try to draw a parallel between someone who writes a firewall > (even a buggy one!) and someone who writes a tool that, pure and > simple, is designed for nothing but causing mayhem. I certainly > hope that, as a security professional, your professional ethics > are better than that!! It's got nothing to do with my ethics or my judgement. I'm perfectly capable of making quantifications like TFN is 95% evil or FWTK is 98% good. Internet Scanner is closer to the middle. The situation is certainly not either-or as you claim. When someone backdoors a copy of FWTK because its open source, or writes a crack for Internet Scanner, and the script kiddies start using it as their main script, it doesn't mean squat if you say "but I didn't MEAN for it to be used like THAT!" Mixter says he didn't mean for anyone to use his tool like that. > > There's always going to be a grey area in which legitimate > tools can be abused. This almost exactly aligns with the gun debate - > a long and tedious debate that I suggest we avoid in this list - but > similarly to the gun debate, society at large (legally and through > social pressure) defines what are "appropriate" tools and their > appropriate uses. It is not appropriate for me to own heavy > antitank weaponry; it is appropriate for me to own properly licensed > hunting and target weapons. It is not appropriate for me to use those > irresponsibly; it is appropriate for me to use them legally and > carefully at a supervised range. If, for a second I cross the line into > irresponsible use or inappropriate action, by threatening, endangering, > or even merely making someone uncomfortable, I have exitted the > grey area and entered into the wrong. This is a black and white > issue, and police, judges, and juries, are quite capable of > dealing with it. So it is with hackers. And we still can't come up with a list of good guns and bad guns. We have a list that varies by region that we just keep taking guns off. I'd like to see someone produce a list of what makes one piece of software useful and another evil. And for the moment, I'm not talking about use, I'm talking about production. Internet Scanner is as close to antitank weaponry as you're going to get for security tools. Judges have show themselves unable to allow proper damages in the majority of cases. > > There's a grey area in hacking - tools that are good that can be > used for evil, and a few tools that are designed for evil which > can be repurposed for legitimate ends. My opinion is that society > will cease shortly to tolerate that grey area - it's going to > narrow down (the way it has with guns) sharply in the next few > years. So what's a "good" gun? The model that law enforcement uses? Guns aren't the best example.. there are guns that shoot, and there are guns that shoot faster and harder. There's a bit more range in security tools. And once you outlawing tools, you eventually outlaw all security tools. Start with TFN, since it's 95% evil. Next, get L0phtcrack since it's 80%. Then COPS, it's 60%. Internet Scanner is about 40-50%, so it won't be long for that tool. We'll be left with MS' c2config. Whee. > > Apologists for computer crime, such as you appear to be, will > not find your voices welcome in the debate for much longer. That's > my prediction. You go stand over there with the guys who are part > of the problem. I'm going to stand over here with the people who > are sick of it, won't tolerate it, and are trying to be part of the > solution. > Either that, or it will swing my way, and apologists for law enforcement's abuses of hackers will be the minority. (I know, not likely, but I can hope.) Ryan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:05 PDT