Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Benign Worms
From: "Eric Paynter" <eric () arcticbears com>
Date: Fri, 13 May 2005 16:47:35 -0700 (PDT)

On Fri, May 13, 2005 3:49 pm, Benjamin Franz said:
There are a many laws that turn on facts rather than intent.

   "Lack of criminal intent does not shield a citizen from the BATF. In
United States v. Thomas, the defendant found a 16- inch-long gun while
horseback riding. Taking it to be an antique pistol, he pawned it. But it
turned out to be short-barreled rifle, which should have been registered
before selling. Although the prosecutor conceded that Thomas lacked
criminal intent, he was convicted of a felony anyway.[64] The Supreme
Court's decision in United States v. Freed declared that criminal intent
was not necessary for a conviction of violation of the Gun Control Act of
       David Kopel, in "Trust The People: The Case Against Gun Control"

I think we're getting a little into an argument of semantics. The
defendant did in fact *intend* to sell the weapon, which was against the
law to do. He just wasn't aware of the law. Ignorance of the law does not
protect you.

Try these two scenarios out:

1. I kill somebody with the intent to kill, and then I claim I didn't know
killing was illegal. Most courts would still say murder.

2. I kill somebody because they are attacking me with a lethal weapon. I
know killing is illegal, but my intent is not to kill the other person,
but rather to save myself, and the only way to save myself is to use
lethal force. If I can *prove* my intent was to save myself, then it is
not murder.

Back to the original argument, if the intent is to patch PCs for which I
have the authority to patch, then I'm not doing anything illegal, no
matter what kind of software I create to do it. Even if the worm that I
create somehow gets out, but I can *prove* my intent was for it to not get
out, then even though releasing a worm is illegal, the worst I might get
is criminal negligence for not taking the proper precautions.

Anyhow, I think we all agree that writing a worm to do patch management is
generally a bad idea.


arctic bears - email and dns services

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]