Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Benign Worms
From: Mike Hoye <mhoye () neon polkaroo net>
Date: Fri, 13 May 2005 12:26:10 -0400

On Fri, May 13, 2005 at 11:13:03AM -0500, k k wrote:
There is debate surrounding whether releasing benign worms such as Nachi or 
Welcha, in general is ethical or not.  But network administrators can still 
create benign worms for their need (not necessarily Nachi or Welcha) and 
release them in their domain to patch systems.

1. Do people do that?  Or at least, have you considered it?

No. It's lunacy. Worms spread through security holes. They are
by-definition uncontrolled. If you have known security holes on a system,
you should be fixing that, not relying on it for software updates.

The worms you are describing are well-intentioned mistakes. Modifying
somebody else's system without their permission is unethical, and if
they're your own systems, you should have way, way better techniques
in place for dealing with upgrades than that.

2. If yes, under what conditions would you do that?

I would employ this technique if:

- I were off my medication and drinking my way through a quart of gin,
- I really, really wanted to lose my job.

No sysadmin their right mind would employ the technique you describe
if they wanted to stay in that line of work.

3. If not, what prevents you from doing that?

The fact that it naked, gibbering insanity.

"I have discovered a truly remarkable heresy which this margin is too
small to contain." - Jim Macdonald
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]