>There's a grey area in hacking - tools that are good that can be >used for evil, and a few tools that are designed for evil which >can be repurposed for legitimate ends. My opinion is that society >will cease shortly to tolerate that grey area - it's going to >narrow down (the way it has with guns) sharply in the next few >years. Really? I'd say the grey area is going to expand. Look at the following tools: * nmap * satan There are two examples which are in the toolbox of every security professional, as well as every "computer criminal". Satan is kind of dated now, but I think you get my point. Killing the grey areas would kill the open-source and free security software tools. Mixter's code was proof of concept. How is that different than a vulnerability posting, except in the grey area of ease of use? Killing the grey areas also kills the concept of full-disclosure. What is the *LEGAL* difference between a vulnerability description that contains enough detail to write an exploit, and a perl script that actually performs the exploit???? The people that should be held responsible for this attack, if any, are the people that allow insecure systems on the internet. To continue with your gun analogy, if I leave a loaded MP-5 on my door and someone uses it to commit a crime, I should be accountable. Not HK [Mixter], but me. There is no such thing as "good code" and "bad code" (just like "good guns" and "bad guns". I for one value proof-of-concept code, even if it does make things easier for the script kiddies; the value I get is greater than the threat of the script kiddies. How long have we been telling sites to close their smurf amplifiers? How long have we been telling administrators to secure their boxen? If you leave that loaded gun on the porch don't be surprised when someone takes it. Don't later be surprised if the victim sues your pants off. Matt
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:22 PDT