Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: RE: Bening Worms (Cosmin Stejerean)
From: Jeremy Bishop <requiem () praetor org>
Date: Sat, 14 May 2005 22:08:05 -0700

On Saturday 14 May 2005 20:34, purplebag wrote:
This thread is hogwash. There are clearly zealots that think anything
with a worm or virus label on it is unacceptable, based on
"experience" and there are also free thinkers that do not limit the
scope of exploration to the work that has been done before them.

It does seem that the reaction comes a bit quickly.  Once bitten, twice 
shy, and all that.  That said, it seems at least a few others have 
pointed out that this problem is not the appropriate domain for a worm.

Worms generally infect machines on a stochastic basis. That means you'll 
be able to make statements like "there is an xx% probability that an 
unpatched machine on our network has been 'vaccinated' after n units of 
time".

If it's /your/ network, you should know what's attached to it.  If you 
can't figure that out, you have bigger problems.  If you do know what's 
attached to it, you can deal with each machine directly instead of 
playing with probabilities.

<snip>

Excellent choice of words as I have seen no wise teaching from the
ancients in this thread. I think you would have been better served to
use that experience to educate instead of attack. Wisdom is something
people might attribute as a result.

The 'wise teaching' seems to be that there is invariably a bug or 
incorrect assumption that turns the worm from "benign" to "bening".   I 
can find /that/ teaching with just a cursory scan over the thread.

-- 
Nothing is intrinsically good or evil,
but its manner of usage may make it so.
                   -- St. Thomas Aquinas

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]