All We Want Is Whatever's On Your Machine

kubla2000 writes: "A breathless story about how the best defense against [fill in the blank: piracy, virii, hacking] is a good offense at CNet. What struck me most though is that in the midst of the rant from Timothy Mullen (no stranger to hacking the hack as this story from computerworld magazine shows, was a throw-away line justifying the RIAA and MPAA's appeal to Congress to make it legal to do this! It seems the bandwagons have started rolling. Who's next to jump on?"

OK, time to fire up the worms...

[reezle]

I seem to recall stories of hackers gaiing access to machines, then closing up all the security holes so the machine would stay 'theirs'....

Who wants to get together and build a worm that does nothing but fix known security problems? We can make it grab all it's data from a chat-room, or web page, so it can stay small, but call upon a large database of known exploits, download them to the machine, and execute them...

Perhaps self modifying? To take advantage of newer exploits as they are found, so it can continue spreading itself? (Again data taken from IRC or Web URL) Perhaps just several variants of the worm...

What fun we could have!

Re:OK, time to fire up the worms...

[jmp]

And what are the consequences if your worm has just one bug?

How would you "recall" a faulty worm? Write another worm to chase it and kill it? Get real.

Re:OK, time to fire up the worms...

[Mercaptan]

That's a great idea.

And how about in real life? Like contractors should roam the streets and randomly break into peoples' houses to fix things. No biggie right? If you come home and there are guys in tool belts breaking down your walls and moving your stuff around, you should welcome them with open arms, right?

Oh and we should absolve these roving contractor crews from any associated liablities too. After all, they're doing it for the good of all.

In the meantime, I'll stick with downloading and implementing fixes from trusted sources, and hiring bonded and insured contractors.

What article did Timothy read?

[pete-classic]

I don't see where Mullen defends the "DOS for the sake of copyright."

What he says on the issue is:

Mullen said his hack-back idea is different because it is designed to improve the security of cyberspace and would not harm any computer systems.

What he seems to be advocating is decriminalization of defending your computer against an active attack. I tend to agree. It's like saying it isn't theft to take a crowbar away from someone who is using it to jimmy your front door.

The author has blurred all sorts of lines, viruses and worms, copyright and attack, defense of ones computer and defense of ones IP.

I'd be interested to hear Mullen's comments on the story.

-Peter

Legally tenuous, surely?

[Telex4]

If this article were advocating that people could go on "white-hat" vigilante attacks against people they didn't like, everyone would point out how ridiculous that would be. Well this is really pretty similar, because if you say that it is legal to crack computers causing problems to other computers, then you have all kinds of ways of weasling out of trouble for cracking. Script kiddies would be delighted!

As usual, this just sidesteps the more important issue which is that of secure software. If Microsoft tied up he bugs in Outlook and finally realised/admitted that secure by default is more important than snazzy and integrated by default, we wouldn't have half these problems. And if the software industry in general were really made to be more careful about its security, we could sit back and relax *a little*.

This sort of idea does little to prevent malicious scripts, and does a lot of encourage vigilantism, which is exactly the sort of nonsense that just makes things worse, and opens the legal doors to companies cracking into your computer to check if you've written about their products (y'never know lol).

Re:Incoherant headline

[Xzzy]

> Is it me, or is this story's headline totally
> incoherant?

No, it's cut straight out of 'The Slashdot Guide for Guaranteeing your Submission is Accepted', chapter 2 which discusses creating a sensationalist headline that enables people to leap to conclusions about a story before reading it.

Bonus points are awarded for managing to make it sound like it's an issue of the man against the little man.

Cause yeah, I picked that up too.. the headline and following text had almost nothing to do with the actual story.

I'd suggest the guy submitted before reading the story, but trying to comprehend the lack of thought that would require makes my brain hurt.

Vigilante justice is not the solution

[hagbard5235]

Vigilante justice is not the solution. When I discover someone has burgled my house, and I have reason to believe I KNOW who did it, that does not entitle me to go break into their house to take my stuff back and avenge myself upon them.

It's important to remember WHY vigilante actions are generally illegal:

• They are highly error prone
• They effectively invalidate all of the accused rights summarily.
• They lead to chains of criminal behavior that can be hard to unravel.

I can only think of one set of circumstances in which our culture and law condone vigilante justice: self defense of a human being against bodily harm.

It is important to remember that computer crime is almost universally property crime. With rare exceptions there is absolutely no danger to the person of a human being posed by computer cracking, and thus no reasonable basis for authorizing vigilante justice.

Re:Vigilante justice is not the solution

[hagbard5235]

In general you have just as much authority to use force to defend another person from violence as you do to defend yourself. Even if you don't know the person.

Sure, no problem there. I don't see anything in my statements that suggested that you didn't have as much right to use violence to defend someone else from bodily harm as you do to defend yourself from bodily harm.

I live in Colorado where I may shoot a person dead if he is both 1. on my property and 2. I have reasonable cause to beleive he is or is about to commit another crime (against a person or property.)

Interesting. In most of the states who's laws I am familiar with the right to shoot an intruder in your home dead is rested firmly on the assupmtion in the law that someone who is breaking into your home if perfectly willing to use lethal force against you, thus reducing it to a defense against bodily harm case. In most states I believe the simple act of them breaking into your home is sufficient cause for you to reasonably believe they intend to harm you. I've never seen any state provide justification for the use of lethal force based on a justification of defense of property. Perhaps Colorado is different.

I think your opinion is based more on your pacifistic world-view than on any actual facts.

I think perhaps I've not communicated to you clearly. You are perhaps the first person I've encountered who has ever accused me of pacifism. I have no problems whatsoever with the application of force within reasonable limits, as proscibed by law. I also happen to believe that the right to use lethal force against an intruder in your home based upon the assumption that they intended to do you harm is reasonable. That is hardly the point of view of a pacifist.

Well, you have really twisted my example around. Someone actively attacking your computer (network) or actively breaking into your house is not related to your vigilante revenge scenario in any way, so I'll dismiss it out of hand.

Ah... I think I see where some of the confusion is now. Please note the tense I used with the word burgled. Someone currently, actively, burgling your home is a direct threat to your person for which you can reasonably respond with deadly force in most states. Belief that someone has, at some point in the past burgled is quite different as it carries no threat of bodily harm.

The point I was attempting to make is this: those senarios in which the criminal conduct of another person are grounds justifying retaliatory action which is normally proscribed by law are generally limited to cases involving the threat of bodily harm to a person. I know of no examples in US law permitting actions normally proscribed by law being justified by crimes or threats against property ( with the possible exception of your assertion with regard to Colorado state law).