Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 11 May 2005 16:38:17 -0400
khaalel wrote:


Hi,

before sending me such emails, read Kspynix before: Firefox is not
attacked by the POC,
and such malware already exists for Unix systems although their code
are not public... that's why I code this "small" malwares (if they can
be called malware...)
I'm quite well aware that such malware exists on Unix/Linux systems. Nor was I saying that firefox was attacked by your spyware.
But then, that's even less of a reason to publish it, seeing as there really is nothing new here. 


About the ethic, it's your problem if you think it's not ethical to
publish such code, Besides don't be afraid Unix systems are always
secure.

Sure...  whatever you say...
No fear here, buddy. But, seeing as this is an open list, I'm free to question the ethical nature of your release. I think that if you'll take the time to look through the archive, you'll see that I'm a staunch advocate of full disclosure, but if there's no real gain from publishing code that can assist in harming others, chances are pretty damn good that it's unethical to publish that code. 


And i "waste" my time with what I want !!!

No argument there.


What's an ethical act for you? I wanted to publish a (snip malware type)
this week, is it ethical?
That depends. What's the purpose of publishing the code? Is there any new or interesting technique used that hasn't been charted before? If so, then I'd say it might be ethical. If it's just "because you could"... then I'd say that it would most likely be unethical to publish that code. Not to mention illegal in certain countries (I'm not advocating that it should be illegal, it just could be considered illegal..) 

            -Barry


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]