mailing list archives
Re: RE: Bening Worms (Cosmin Stejerean)
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 15 May 2005 12:20:25 +1200
Stejerean, Cosmin wrote:
I think you are going a little overboard with this kind of response. The guy
The guy is clearly a chopper.
Ten minutes "research" with Google would have shown him that "benign"
worms aren't, and only a very narrow fringe of mostly highly marginal
IT folk think that the idea is worth more than immediately flushing
down the toilet. Further, among those who do think it might be a good
idea or one worth studying, that support falls off very quickly with
actual, relevant academic or work experience.
His floating such a stupid, time-worn, discredited notion, which he so
easily could have found to be such, in this list is much more closely
akin to trolling than "research".
had a couple of questions about "benign worms." If you are going to provide
some useful feedback then go ahead and do it. If you are going to write an
insulting email you should probably think twice about it.
Thanks for the advice.
I've filed it where my experience tells me it should be filed...
If I recall properly Stanford also used similar techniques to get rid of MS
Blast on their networks especially from laptop machines that were infected.
They had no administrative control over those machines yet the machines
posed a threat and the threat had to be eliminated.
Assuming this is a correct recollection of whatever...
Run that past us again -- Stanford had machines on their network that
posed a risk to the rest of their network BUT the Stanford IT folk had
no administrative rights to those machines? They couldn't configure
their network infrastructure so it didn't offer an IP to these
"anonymous" threats or at least configure it so it wouldn't route their
traffic? If there really was a "need" to allow such anonymous machines
to come and go from their network, why had they not configured their
network so it only allowed such "anonymous" machines very limited
access (such as putting them in a separate sub-net so they screwed with
each other but not with "Stanford real", and that, perhaps, only had
very limited off-site access through their firewalls)? Sounds like
Stanford runs (ran?) a _really_ screwed-up network...
Worse though, you seem to imply that it was alright for Stanford to
take action against those machines by exploiting a vulnerability on
them to "fix" the threat posed to Stanford's network. That is clearly
wrong, both ethically and legally. By acting as you suggest, Stanford
would almost certainly have been exposing itself criminally (and quite
possibly federally -- what are the odds that at least one of those
laptops "belonged" to someone doing "critical" US government work on
contract, or pretty much any work relating to the banking, or other
"critical commerce", industries).
Stanford could have legally and "rightly" acted by denying further
access to its network from machines it had no administrative control
over, but of course that would have required it to have already
designed and implemented a better network infrastructure than it seems
they had in place. Their lack of forethought in that regard in no way
justifies their unethical (and almost certainly illegal) actions.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/