In the profound words of David Schwartz: > > Malicious code and exploit code, on the other hand, is more like a > cigarette that kills you instantly or a gun that blows up when you squeeze > the trigger. They're interesting to talk about and look at, but there is no > moral application for them. Bullshit! There are PLENTY of "moral applications" for exploit code... Just to name a few: testing your own servers to see if they are vulnerable; testing your servers after patching to verify the patch actually worked as advertized; using the exploit in an authorized penetration test type of scenario; demonstrating to clueless higher management at your place of employment the need for applying that patch that they are so reluctant to do; studying the code for educational purposes, to learn how it works, possibly for the purpose of developing something to guard against it; etc... There are many, many legitimate, "moral" uses for exploit code... Code is just like any other tool: it can be used for either good or bad purposes... It's not inherent in its design which you use it for... There is no "good" or "bad" code; only code... Plenty of so-called "good" programs have been used for very bad purposes... And, plenty of so-called "bad" programs have been used for very good purposes... -- ||========================================================================|| || Rob Seace || URL || rasat_private || || AKA: Agrajag || http://www.magrathea.com/~ras/ || robat_private || ||========================================================================|| "Trouble with a long journey like this is that you end up just talking to yourself a lot, which gets terribly boring because half the time you know what you're going to say next." - TRATEOTU
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 14:14:36 PDT