Slashdot Mirror
Why Worm Writers Stay Free
savaget writes "There is an interesting Wired article explaining why worm writers are getting scott free despite their destructive deeds." Nothing really new: overworked law
officials, bragging worm writers, you do the math ;) I still find it amazing.
The bandwidth wasted by a successful worm is gigantic. To say nothing of
time and disk space.
SirCam contains this text in its code: "SirCam Version 1.0 Copyright 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico."
Smith has a hunch that the author of SirCam is or was in Cuitzeo, and is probably a student. Cuitzeo is located 16 miles from Morelia City, which boasts a large university.
Talk about a blinding flash of the glaringly obvious...
Why don't these people put their worms to work doing somethign constructive? A SETI/RC5/whatever else you can do distribured worm would waste even more bandwidth, but at least it would have a purpose beyond just screwing things up.
Because all the spare law enforcement officials are giving me traffic tickets.
Rolling stop my ass.
This is the sort of thing that really pisses me off. Not to say that virus writers don't do damage or even that they are not criminals but how can you compare a computer glitch to killing 3000+ people? These virus writers are kids with too much time on their hands, they aren't terrorists! The solution isn't to toss them in jail or throw away the key, the solution is to get them to do something useful with their skills and then to use products that don't have so many security problems. </rant>
The Anti-Blog
A multi-billion dollar industry was created by writers of malware; anti-virus, tripwire, IDSes. Why would any large security company want malware authors to be caught?
Terrorists? Virus writers are terrorists? Keep it up, boys, and the word will lose all meaning and everyone will be desensitized to what it really means. Sheesh.
Obviously the legal system doesn't see them as such, yet, from the details of the article.
Karma: Excellent, but still won't get you laid.
As SirCam virus e-mails average 250kb per message, each month we pass over a gigabyte of bandwidth on this crap.
I wonder if its possible to approximate how many dollars worth of bandwidth and lost productivity have been lost to these kinds of worms. I don't see why the authors shouldn't be prosecuted more harshly. This is just large-scale vandalism that raises the prices for everyone else to make up for it.
Adversive
My cat's breath smells like cat food.
Because the Internet is a global network, authors of these worms come from all over the world, and thus there is no consitency on how they are dealt with according to local laws or lack thereof. The ramifications of such worms are not well understood by local law makers and law enforcement officials. It's quite possible that some worms could be authored by individuals or groups outside the US in which there is almost no law or order. I doubt we can justify bombing a country because of prolific worm propogation.
So, while some sit pondering on how to prosecute the authors of such worms, doesn't it make more sense to focus efforts on preventing the problems that worms cause by eliminating the well known, published ways that the past 4 or 5 recent worms have propogated? How many email worms need to take place before people realize that the worm authors are only half guilty? End users need education. Applications (read Outlook) need to provide better ability for users to limit functionality to core functions unless otherwise needed.
Catching the new virus writers and discovering their techniques is and always will be a game of "whack-a-mole". You slam the hammer down, only to find another one pops up in a "security-hole" somewhere else.
So what I'm wondering is if anyone has bothered to form an organization to do exactly that, maybe along the line of CyberAngels. Let's face it, the people who write these useless things, although they definitely aren't terrorists, are wasting other peoples' bandwidth, resources, and precious time. And they do deserve to be punished. But what's stopping the slew of arrests is a lack of manpower. Law enforcement officials can't be everywhere, they have their limits.
So what I'm suggesting is something based off of CyberAngels. The people volunteering there track down stalkers, harassers, child pornographers, and other "cybercrimes" that go beyond the Internet and into your personal life. They do good work. My idea then, is much the same. Get people with the necessary skills, who understand the net, understand the technology, and make use of those skills to help track down all those worm writers, script kiddies, and the like.
Personally, I think it may work. Anyone have any thoughts?
There is no escape from The Muffin.
I don't blame the worm writers. Blaming them is like blaming the rain. Rain is a feature of our planet and worms and viruses are a feature of Microsoft software. Writing a Word template, no matter how complex or unusual, is not a crime. Releasing email clients and operating systems that blow up or do really weird things when they encounter Word templates ... that's questionable.
Contrary to popular belief, _nobody_ dies when someone releases a worm. Sure, the Internet gets slowed down, a headache is made for all kinds of computer people, but outside of the Internet, nobody dies. Production doesn't stop in our factories, our banks and credit cards keep making debt for people, the hospitals don't keel over.
The world is just not that dependant on the Internet, and never will be. Worms are definitely annoying, but they aren't hurting anyone physically, ever.
"Look at me, I invented the stove!" -- Ben Franklin
From the original post (emphasis added):
Not to say that virus writers ... are not criminals but ... they aren't terrorists!
I think you missed Christianfreak's point. They are criminals. They should be punished (or, better yet, rehabilitated... but when have we ever done that with criminals?). But they are not terrorists.
Granted, terrorism doesn't have to involve killing, but these kids aren't trying to make some crazed point. They're not striving to strike fear into the heart of everyone in the nation. They are simply, as Christianfreak put it, kids with too much time on their hands.
The people equating virus/worm writers with terrorists seem to be putting their bottom line at least on par with, if not above, the value of human life. That frightens me more than the network being down for a couple of days ever would.
"Cyber criminals are like idiot Hansel and Gretels, scattering electronic breadcrumbs that lead straight to them," said retired New York City detective Pete Angonasta. "You just don't see this sort of behavior in other criminals. I've never seen a burglar leaving cute notes crediting the crime to himself. "
This detective must have never watched the old Batman shows.
But even when writers are caught and brought to trial, the legal system often doesn't know what to do with them.
Pah! I know what to do with them. Charge the writer of a virus/worm for time the Admin puts in to fix or block their poisoned program. If the virus/worm writer doesn't have the money, then the Admin will charge through violence to where one hit upside the virus/worm writer's skull with a 2"x4" will be exchangable to 15 minutes of the Admin's time that could have been better spent.
Sorry to rant, but virus/worm copycats^Wwriters really get on my nerves, especially when I could be spending that time doing something with my friends, instead of telling sendmail to block out the latest "Melissa" clones.
/*drunk.. fix later*/
Though I think those responsible for writing these need to share some responsibility, particulaly if they are the ones who released it, or if they wrote it intending to release it...
I, personally, don't ever feel anger towards those who wrote these. 99% of them spread due to the sheer ignorance of the masses.
Or rather, if someone in the company opens a virus attachment, and it spreads, I don't say 'damn virus'.. I get mad at the employee. There is NO EXCUSE for not understanding what to open.
yet the worms usually exploit holes that have had patches available for MONTHS (i.e., code red). Who's fault is that?
DO NOT DISTURB THE SE
Why do worm writers stay free? Maybe they've accumulated enough hotel points on their credit cards.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
I don't know... Maybe it's just my imagination...
Just seeing 'informed' and 'authorities' together just made me picture a Hippo and an Aligator dancing. Those two words just don;t go together well.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
"If someone left their front door unlocked ... " Gah, I am so sick of hearing that analogy every time someone talks about computer security. Phisical theft and defacement is not the same as digital. So what would be a better analogy?
Imagine if someone went to a photographer and had some "personal" photos taken for their spouse. And that the photographer made poster-size prints and put them in the front window with a sign saying, "Please don't look at these."
Would you prosecute the 13-year-old kid who came by and looked at them? How about if he took picutres of the posters and put them up on his web site? The originals are still "secure" in the studio's safe. How can you blame the photographer?
If current computer law (UCITA, DMCA) were applied to this situation, the 13-year-old would be in jail and the photographer would be suing me for telling you that the posters were available.
Nope, no sig
I really liked the analogy a previous poster in a different thread had come up with:
Virus/worm authors are like cockroaches. Sure it sucks to have to deal with them, but it's your own damn fault. And prosecuting is pointless - there's a million more where the last one came from.
Most current viruses are NOT very sophisticated. They exploit wide-open security holes in unpatched operating systems that were produced by careless vendors. It's like getting pissed at people walking into your house at all hours of the night. Yes, they shouldn't be doing it - but if you were locking your doors it wouldn't be a problem.
My point is that the blame should not fall entirely on the virus/worm authors. It should be evenly distributed between the vendor (for being negligent with regard to security); the system admin (for the same); and the virus author.
Economic damages, bandwidth loss, destroyed data, and wasted time are harder for a cop to take seriously than, for instance, a body on the ground... It is an interesting thought experiment to consider what will happen when a teenager playing in an advanced biology course cultures a virulent bacteria or virus.
...Or consider if "goner" had been tracked to the other side of the tanks... to a group a Palestinians.
I'm all for considering computer crimes as "real" crimes. The damages you mention are real, the crime is real. The motivation whether it's greed, political activism, or just being a "prankster" is irrelevant. Such attacks on computer systems and networks can do enormous economic damage and should be treated as serious crimes.
But you undermine the argument by overstating it and picking examples of even more serious crimes to compare them to. A cop takes a body on the ground more seriously than economic damage, bandwidth loss, destroyed data and lost time because it IS much much more serious. A microbiology student infecting people with a real virus would be a far more serious crime than even the most damaging computer virus.
That is a very interesting thought experiment. I'm a little torn on this since in general I think the act is what should be considered illegal not the motivation behind it. The "not guilty by reason of sincerity" defense (if we approve of your cause) as well as "EXTRA guilty by reason of sincerity" (if we don't approve of your cause) are abhorant to me. They raise the specter of state sanctioned lawlessness and "thought crimes" - It is a mix I associate with tyranny, think of the mutually reinforcing state sponsored lawlessness of kristalnacht and the totalitarian state control of everything else.
On the other hand being blind to considerations of motivation and association could be taken too far. Society, if only to protect itself must take them into account. A lone hacker causing massive economic damage as a prank is a different kind of *threat* than an ideologically driven organization with a stated goal of destroying the society - even if the *crime* is identical. The organization is treated more seriously not because the crime is more serious but because the threat is more serious.
See how stupid it sounds when you give it a real world analogy? This is the same logic that says that if your house is unlocked then it's legal to rob it. If people were made to defend themselves from every threat then there'd be no need for police or defence forces. The sad thing is that some people believe this "Well, they were vulnerable, they were asking for it. They should have been more careful! Not my fault."
Now, I agree that Microsoft needs to focus more strongly on security but people who write malicous code are still criminals, not terrorists but still criminals.
First, the "WiReD" article confuses worm - a program or process that propagates itself to a different computer, usually via some networking protocol, and chainmail - an email message that requires human intervention to automatically send out more email messages, usually containing the same or slightly evolved chainmail. WiReD should straighten up its vocabulary on this issue, they do no service to anyone confusing the two.
Second, the techniques used by both chainmail and worms are all used by legitimate scripts, programs and emails. How does law enforcement propose to declare one email message a crime, and another legitimate? And I don't mean "Let's ask some expert like Graham Cluely."
Sure an IIS worm like Code Red usually uses some initial exploit, like overflowing a buffer in an IIS module or service or plug-in or whatever the MSFT lingo is, but Nimda used a variety of techniques built in to IIS, "shares" and Outlook. The variety of Outlook worms (Anna Kournikova, Nude Housewife, etc etc) and even the CHRISTMA EXE chainmail of 1987 used entirely legitimate techniques built in to Outlook and other email viewers. The 1988 Internet Worm used both legitimate techniques (BSD "r" commands that didn't require a password) and exploits like "fingerd" buffer overflows. How do we define the crime - "I didn't authorize this use of Outlook" really doesn't amount to a way to decide whether or not a particular program committed a crime. Similary, worms like x.c get telnet servers to crash in particular ways when they spread. Gee whiz, a network server process crashes! That's news, for sure. I guess that hasn't happened to me since yesterday. How do we make one instance of a crashed program a crime, and another instance into a bug report?
Does anybody have any figures? how much bandwith is used up during a worm attack such as nimbda?
Imperium et libertas
Autocracy and freedom
Since some people are confused, let's look it up in the dictionary.
Now, I do agree that a skilled person could use computer viruses for the purposes of terrorism, as defined above. But clearly 99% of viruses do not fall into the category of terrorism, and therefore calling their creators terrorists is quite a stretch. Most of them are smart young people with no common sense, no direction, and a distorted sense of right and wrong
I'm sure Russ Cooper is more interested in getting his site linked from wired, and knows mentioning the buzzword 'terrorist' is sure to get a soundbyte.
"And like that
Did you even read the post?
Not to say that virus writers don't do damage or even that they are not criminals
The writer agrees that they are criminals. The poster simply says that the writers are not terrorists, as the original article implies. I agree completely.
Anyone calling them "terrorists" is just as guilty of using the Sept. 11 attacks for their own good as Saturn is in their latest line of commercials, trying to sell more cars "because it is our duty as Americans."
Treat them as criminals, not terrorists. There is a huge difference, and hopefully the American people can remember that difference when we start trying Middle-Easterners for expired visas.
To put this argument another way, if you break into my car, should you be tried as a terrorist?
- (c) 2018 Hank Zimmerman
The equipment was not damaged, just your ability to see what you expect in both scenarios.
So you experience no financial harm if I erase every bit on your hard drives, CD-ROMs, DVDs, floppies, and video tapes? Yes, a good disaster recovery plan will incorporate backups to restore data, but it takes time. Here's the equation:
Loss of data = loss of time = loss of money
For computer, yes, it's trivial compared to a building. For millions it can be comparable.
I would further suggest that the cost of recreating a software installation and configuration, as well as restoration of data, will be comparable to the cost of setting up the system in the first place - maybe a little more, maybe a little less, but in the same ballpark. I think the same is true of rebuilding a building. There is no permanent damage to the computer - granted. But there is no permanent damage to the building when you blow a hole in the side, either - the damage can be repaired. Just because the damage is "virtual" rather than physical doesn't make it any less costly. And frankly, the only two types of damage suffered in a terrorist attack are human suffering/death financial losses. I fail to see why wiping 1 million hard drives is necessarily qualitatively different from demolishing one building.
Over the last few months the word "terrorist" has lost all meaning. I also heard the other day that child pornographers were being called terrorists. And of course the Isrealis, Palestinians, and Americans are terrorists, depending on who you ask. I'm sure the people who set fires around Sydney were terrorists too. Nowadays a terrorist is anybody you don't like.
The old definition of terrorist was somebody who used terror as a tool to some political ends. Basically, if you can't defeat your enemy in a head-on attack, you choose an easy target calculated to demoralize the enemy.
It's too bad, because 'terrorist' really was a useful word. Now that it's being used so broadly there's no concise way to talk about 'classic' terrorists.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
In the case of laying some responsibility at the feet of the OS writer and the System Administrators, in the first case it is their job to make sure that their product is reasonably secure. In the second case it is part of their job to keep up with the security patches and make sure that the corporate systems are reasonably secure.
In the case of the people who wrote the OS or software that gets compromised again and again, a better analogy might be to compare them to a bunch of builders who build houses with no locks or faulty locks that fail to keep people out.
In the second case, you might compare the system administrator to someone who bought the house and then didn't take any action when the lock recall went out (or he didn't install it becase installing the new lock makes the toilet stop flushing...) In many cases he does this even though he lives in a hood known for its high level of break-ins and robberies.
When it's your job to make sure the company's network is reasonably secure and the same attacks against holes that were announced months ago work again and again to compromise that security, I'd say you're not doing your job very well. Excuses may be made, like "The fix breaks 14 other things" or "We didn't have time to test it on all the company platforms." In the first case I'd say the vendor is at fault and if they can't fix the problem to your satisfaction maybe you should consider a new vendor. In the second case, I might want to send some blame the way of the CIO/CEO as the department is obviously underfunded or the corporate infrastructure is badly designed.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
One thing about Corps, they're generally consistent. Of course, that's generally, not always.
Under capitalism man exploits man. Under communism it's the other way around.
Would you prosecute the 13-year-old kid who came by and looked at them? How about if he took picutres of the posters and put them up on his web site? The originals are still "secure" in the studio's safe. How can you blame the photographer?
Your analogy only makes sense if cracking a site requires a passive activity such as accidentally visiting a URL or attempting to connect via FTP. Unfortunately, most cracking involves active malicious intent by the perpetrators which doesn't jibe with your analogy.
A better analogy would be if the photographer had the pictures in a drawer marked and some teenager felt that he/she couldn't resist looking at the pictures. The teenager is still in the wrong but one can also blame the photographer for not taking better precautions which means both parties are at fault which is the case in most cases of cracking websites.
Your new metaphor vapid on so many levels.
You imply that digital data has no intrinsic worth, and therefore can't be stolen. What century are you living in? Future generations will view your analogy as hopelessly anachronistic, something like stories your grandpa tells today about one-room schoolhouses.
And as for the substance of your analogy - "a guy takes nude pix of his wife and puts them up in his window with a sign saying don't look at these" - how does this utterly absurd statement clear things up for you better than the "if you leave your front door unlocked" one? Do you even know what your point is?
Invisible Agent
This post is a mirror; when a monkey stares in, no hacker gazes out.
I am of the belief that there is practically no piece of software that should be illegal. This includes viruses, worms, spamware and other software with no redeeming qualities. It's one of those slippery slope problems where you're banning certain types of speech, but it could easily get murky as to what was a worm or a virus. Some security software has just as much legitimate use as it has potential for misuse.
The only rational solution, as is the case with other "banning the tool vs. banning the act" problems, is to ban the act of dissemminating virii or worms maliciously. Banning certain types of software is an ill-conceived notion, just like banning certain guns.
Those who believe that software (in the US at least) is constitutionally protected speech may want to think twice if they believe virus writers should be prosecuted. Judging software based on its purpose is probably impossible - is deCSS a tool for piracy or for interoperability? Depending on who you ask, you will get 2 different answers. Is back orifice a security tool or a hacking tool? Is it a virus? Should the writers be prosecuted?
Virus/worm software does have redeeming educational value, however little.. it's useful for exposing vulnerabilities, even if it only shows that the end user is stupid.
So even though virii, worms, spamware etc. are a pain in the ass, I do support your right to create any type of software you like. The other alternative, banning classes of software, is actually more dangerous.
Note this has nothing to do with my view on copyright. Of course if you infringe someone else's copyright in your software you are breaking the law.
Somewhat off topic...
But a few months ago, a system I maintained got hit by a cracker. Completely my fault, had a rather obvious security hole. So, I shrugged my shoulders and went about the task of reloading the system. Only I didn't patch up the new load right away, and he got back in, playing exactly the same games. Removing log files and setting up irc bouncers. Sure, I could have spent another hour and done a reload correctly at this point, but I decided to play with this guy for a while. Since the machine wasn't vital to any operations, I simply quarantined it on its own network, and set another system on that network strand to sniff all data going to and from the telnet and ftp ports.
Then I let the guy have fun. I'd hate to make assumptions as to his age, because I never did find out exactly, but judging by his rather brazen messages I'd place him in the sub-20 crowd. So after obtaining logs from more than five ip addresses from an ISP, I called the ISP and after they figured out which customer of theirs it was, I had them call the customer and mention that I'd be pressing charges if it didn't stop. It stopped. Completely. Never even tried again.
Now, I know as well as most poeple, that even if law enforcment even paid attention to me, it probably wouldn't go anywhere. I figure it was probably the parents of that kid that got the phone call from the ISP and while they may not be completely aware of what their son was doing, they were pretty damn well aware of what the scare word "hacker" meant and probably started to monitor the activities of their son a little more closely, as they realize they'd be legally liable if someone actually DID press charges.
I'm sure this cocky guy didn't stop of his own free will just because he realized someone was on to him. He knew I was on to him before that and was making quite a scene when he thought he had thwarted my sneaky logging techniques (he wasn't aware of the sniffing). If he was smart he would have stopped then, but no, he kept on trudging. But a single phone call stopped him.
I almost have to assume it was the parents.
-Restil
Play with my webcams and lights here
D'oh.
Expanding a vast wasteland since 1996.
CmdrTaco writes:
if you've ever been on the receiving end of a round-the-clock DDoS attack from irc packet kiddies, you know about wasted bandwidth. worms seem to be a mere drop on the bucket.
the only difference is - worms are indiscriminant; they walk their way thru IP blocks no matter who owns them. so big ISPs get their panties in a bunch and can use their muscle to bargain for the FBI's time. irc revenge DDoS is usually directed towards EFNet servers at the handful of ISPs who are brave enough to still be operating one.
but, these two issues are related. the machines infected with the worms (which expose massive exploits) are usually taken over as zombies for nefarious bidding (such as the aforementioned DDoS).
perhaps then we can roll in responsibility for the DDoS to the charges against the worm writers? then the cost of bandwidth soars astronomically and can probably justify more significant prosecution. (and hey, maybe get a little bit of 'official' attention to this problem (DDoS) that's been going on for years).
www.pixelectric.com
That sig may compare Gates to Hitler, but only in ideaology. It doesn't say Bill should be treated like a war criminal. Indeed, there are many people that think like Hitler, but they havn't acted on the urge to go kill thousands of people.
I happen to like a web page that compares Margret Sanger's ideaology with the Aryan ideology. It doesn't say she should be(have been) hanged for crimes against humanity (because she didn't personally commit any).
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
You've learned about computers completely backwards. You downloaded "toolz," then wrote "nukes" and "game cheaters" and you somehow think this qualifies you as a "programmer?" You're kidding yourself.
Don't you realize that you'll be slaving in some code-shop for the rest of your life? Don't you ever want to do anything exciting? Why not go to school and do the work and actually get a clue about what is going on with computers.
Do you know what a red-black tree is? How about a context-free grammar? What is Chomsky normal form? For that matter what is conjunctive normal form? Can you describe the LALR algorithm? How about operator precedence parsing? What is the difference between a synthetic attribute and in inherited attribute? What does TLB stand for, and what does it do? What is the meaning of the term "re-entrant?" Why would a fully re-entrant Linux kernel kick ass? What would be difficult about doing it? What is the meaning of the term "cryptographically secure hash?" Describe alpha-beta game-tree pruning. How about STRIPS planning? Go and implement a backprop neural network with weight decay and momentum. Tell me the time-complexity of the last algorithm you wrote. And finally, what does it mean for a problem to be NP-complete?
Look, this is not Ancient Lore known only to the oldest and wisest code-wizards. This is stuff that every CS graduate, even from the crappiest school in the country, knows. Without this sort of knowledge you'll just be another code-monkey.
If you read their click-wrap agreement, it says:
When I contacted AMI about the Y2K problem on a 1993 motherboard, they told me there waas no bios update, but they would be willing to sell me a clock card.
Fight Spammers!
...and the next Internet worm I write will have the following string "Made by JonKatz, Bill Gates, and George Bush".
Strings inside code could be used as evidence, but they are not very serious evidence, not more serious than a papernote left by a burglar saying "I wasn't!". After all, we don't want incrimination to be that easy.
While I don't disagree that virus writers shouldn't get some correction (be it therapy, jail time, or a few whacks with a cane), if you were stupid enough to not have backups of your thesis, you shouldn't be a bloody doctor.
A lot of CS graduates might have known this, but most have forgotten. A lot of us are "code-monkeys", but there's good code-monkeys (doing design as well as development) and bad code-monkeys (just doing grunt work to spec)
A lot of the stuff you've mentioned is pretty dang academic, and only comes in piecemeal to day to day applications, if at all.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
Why do worm writers stay free?
Would that be free as in beer or Free as in speech?
You imply that digital data has no intrinsic worth, and therefore can't be stolen.
This is exactly the mindset I was criticizing. I didn't say or imply that digital data has no intrinsic worth. I said that its worth had to be calculated differently from the worth of phsical goods.
Theft of physical goods deprives the rightful owner of their use. Copying of digital goods does not deprive anyone of their use, but in fact greatly increases the number of people who may potentially use them. This could, of course, possibly reduce the value of the digital goods. Certain information is only valuable when it is not widely known. This is why Digital Rights Managment is so important to the RIAA and MPAA.
The point of the analogy, since you seem to have missed it, is that the customer pays someone for a product, and the provider doesn't take steps to ensure that the product is secure. The fact that EULA's have not been tested in court is the only reason software producers continue to believe this is acceptable.
Nope, no sig
First off, many of them are smart enough to not put their name and address in the worm/virus. (Suprise! if youre smart enough to write this you might have a tiny bit of common sense.) Second, most are from outside the country, WHERE THE US GOVT. HAS NO JURISDICTION. Read that closely everyone, the FBI cannot go into china and arrest someone. and many countries are getting sick of the free-raid mentality that the US govt has had lately. Would you let your neighbor constantly search your house for problems? maybe at first, but when your neighbor starts taking your things because they look suspicious or sren;t allowed in his home... then you start to get pissed.
The people in our Govt are the problem and the terrorists. They try and generate fear in the public about what these worms can do!
I say we leave it to a team of geeks to find these people, and then bludgeon them with rubber hoses and soap in socks.. 3 months in prison wont stop them but the fear of getting their ass kicked by a few pissed IS/IT people will.
Do not look at laser with remaining good eye.
And despite all these terms, algos, theories, etc, most of them still can't write their way out of a wet paper bag without creating buffer overflows and other gaping security exploits (or contribute to the Interface Hall of Shame).
... differently oddly. :)
Book learning is just as equal as practical learning. Neither alone makes a good programmer. One just speaks oddly, and the other speaks
AC left out one critical phrase from that definition of terrorism:
terrorism: The unlawful use or threatened use of force or violence, not authorized by a government, by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
That is, it's violent crime for political reasons. And note that with this definition, any laws against terrorism are redundant -- blowing up buildings is already illegal, blowing up buildings with people in them is more illegal (murder), etc. You don't need anti-terrorist laws, you just need effective enforcement of the usual laws, including doing something about other nations which shelter conspiracies to commit crimes in your nation. So when politicians rush out to pass more laws, ask whether they are (1) pandering to popular hysteria by passing unneeded laws, or (2) extending the power of government to meddle with political groups, thereby making it even harder to get the incumbents unelected...
Of course, by that definition, nonviolent crimes such as computer exploits are certainly not terrorism. When someone calls a non-violent crime, or a non-crime, "terrorism", I rather suspect that he belongs to group 2 above. But this sort of re-definition just pushes us closer to the most cynical definition of "terrorism": individuals or non-governmental groups doing what governments do.
After all, the FBI apparently now has a trojan program that insinuates itself into your system, records your keystrokes, and sends them your passwords. And if they can't directly get to the target system itself, want to bet they won't embed that in a virus to feed to any vulnerable machine on your local net? But they aren't terrorists -- because they're the gov't...
Free as in beer
Free as in software
Free as in worm author
Terrorism implies creating terror. I'm sorry, but most people are simply not scared by the prospect of finding a virus attachment in their E-mail: it is both common and easily dealt with.
Worms and viruses are the equivalent of teenagers skateboarding in a China shop. Sure, technically, if they knock something over, they are responsible. But why the hell did the shop keeper allow skateboards in the shop in the first place?
It would be a sweet deal for Internet businesses to be able to have all their security-related costs to the public. But the people who should pay for Internet security are the ones benefitting from Internet business--the merchants and infrastructure providers. Putting this responsibility on the public amounts to a huge corporate welfare check for Microsoft and Internet businesses, who get to keep making profits without bearing the cost of security.
IMNSHO the most annoying aspect of those worms is the poor quality of the code. Total ignorance.
It's enough to take a quick look at my server's logs to see a bunch of attempts to exploit IIS holes in Apache! This alone makes me wanna put them behind bars...
For God's sake, all they have to do is check the server type and thus spare lots of bandwidth. A real coder would do that.
Apparently VB aware script kiddies wouldn't...
The bandwidth wasted by a successful worm is gigantic. To say nothing of time and disk space.
In terms of bandwidth/time/storage space, which is worse for the net as a whole, then? Is it successful worms, or is it really the spam?
I think it's the spam... and since I've never been directly affected by a successful worm, I most certainly would rather see spammers get jailtime rather than worm writers, if I had to choose one or the other.
Both would certainly be acceptable.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
Punish the script kiddies? Why? Damage? What damage? A few million dollars here, a few million there, it's only money!
Let's get our priorities straight! Now that Sklyarov guy, there's a dangerous criminal! His ultra-dangerous Adobe-buster is cyber-terrorism at it's worst! That must be why Skylarov has spent more time in jail than all the script kiddies in the world combined. And people think our government doesn't have any sense of priority! Way to go DOJ!
There are stupid people all over this world and they are allowed to be stupid.
Replacing the candles on a birthday cake with sticks of dynamite is a dangerous and antisocial practice. Anyone who does this can not succesfully argue that the person who is at fault is the one who stupidly lit the fuses. It may be true that it is easy to tell the difference and only a fool would light the fuses, but that does not absolve the dynamiter.
The Future of Human Evolution: Autonomy
I happen to like a web page that compares Margret Sanger's ideaology with the Aryan ideology. It doesn't say she should be(have been) hanged for crimes against humanity (because she didn't personally commit any).
Wow. Before now, I wasn't sure what a libruhl Freeper sounded like. Here's a link, in case anyone is wondering why this fucking clown thinks someone who was persecuted and prosecuted for spreading information about preventing STDs and unwanted pregnancies is the moral equivalent of a Nazi sympathizer.
If you have a problem with Nazi supporters in the US, you need to look to the right and not to the left. It sure as hell wasn't wobblies, unionists, and labor activists who bankrolled that monster. Think bankers and industrialists, and particularly think the Bushes.
--
Freeper Logic
The other half is because people have ignorantly abrogated their responsibility for prosecuting their own loss.
If just ONE of those companies that "lost billions" had prosecuted the perp themselves, we wouldn't be having this discussion.
But no, we sit here and decry how "law enforcement is overworked" to do all the prosecuting for us. And in those places where medical service is also government provided? Gee, the same discussion, how "medical providers are overworked".
Maybe the pattern this obvious to me is obvious to others. Has anyone who claims to have lost money gone after a virus writer? Anyone? Any company? Any organization?
The negative effects of abrogating your physical security to "law enforcement" is well known. There is very little argument that even the best firewall does not eliminate the requirement that individual PC's and servers be individually hardened.
Yet with all this emphasis on distributed defense, there is not a distributed offence against these virus writers?
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
Its not just a question of having backups of major files. If in the middle of a deadline your computer crashes and burns and you spend the next 2 days rebuilding it that is still damage. I don't know about you but my time is valuable. I don't need the headache of doing that because some kid thought showing off to his buddies would be a good idea.
Erlang Developer and podcaster
It's normal in many parts of the world to pay for the traffic actually used - I live in Australia, where the normal charge is on the order of 5-10 cents per megabyte. That gigabyte suddenly costs on the order of $100-$200 . . .
/I/ pay12c/MB for incoming traffic. A couple of hundred a month is real money for me.
/they/ have to pay for bandwidth - ISPs do, too, they just incorporate the costs into their pricing structures). It might seem like bandwidth is essentially free, particularly if you're in the US, but it's /not/. That kind of thinking is part of why so many cheap ISPs go under.
/does/ cost money, and that money has to come from somewhere. Worms like SirCam are more than just minor annoyances consuming negligible capacity on the network.
Sure, that's not much if you're talking about a company, but I live in a residential college, and
And what if you have a bandwidth cap? You find yourself on some worm's hitlist, and suddenly it's gone, and you have to pay excess to stay online.
What's more, you're completely ignoring the cost to the infrastructure providers (hint:
The kind of calculation you made is really naive. Which isn't to say that the kind of stupid calculations companies and law enforcement people throw about are accurate, of course - the reality probably lies somewhere in between. But bandwidth
himi
My very own DeCSS mirror.
Nicely reasoned. But what ever gave you the idea I'm a Democrat or a supporter of "hate crime" legislation?