Slashdot Mirror

← Back to Stories (view on slashdot.org)

All We Want Is Whatever's On Your Machine

Posted by timothy on from the sounds-fair-doesn't-it dept.

kubla2000 writes: "A breathless story about how the best defense against [fill in the blank: piracy, virii, hacking] is a good offense at CNet. What struck me most though is that in the midst of the rant from Timothy Mullen (no stranger to hacking the hack as this story from computerworld magazine shows, was a throw-away line justifying the RIAA and MPAA's appeal to Congress to make it legal to do this! It seems the bandwagons have started rolling. Who's next to jump on?"

19 of 228 comments (clear)

  1. OK, time to fire up the worms... by reezle · · Score: 4, Insightful
    I seem to recall stories of hackers gaiing access to machines, then closing up all the security holes so the machine would stay 'theirs'....

    Who wants to get together and build a worm that does nothing but fix known security problems? We can make it grab all it's data from a chat-room, or web page, so it can stay small, but call upon a large database of known exploits, download them to the machine, and execute them...

    Perhaps self modifying? To take advantage of newer exploits as they are found, so it can continue spreading itself? (Again data taken from IRC or Web URL) Perhaps just several variants of the worm...

    What fun we could have!

    1. Re:OK, time to fire up the worms... by jmp · · Score: 4, Insightful

      And what are the consequences if your worm has just one bug?

      How would you "recall" a faulty worm? Write another worm to chase it and kill it? Get real.

      --
      jmp
    2. Re:OK, time to fire up the worms... by Mercaptan · · Score: 3, Insightful

      That's a great idea.

      And how about in real life? Like contractors should roam the streets and randomly break into peoples' houses to fix things. No biggie right? If you come home and there are guys in tool belts breaking down your walls and moving your stuff around, you should welcome them with open arms, right?

      Oh and we should absolve these roving contractor crews from any associated liablities too. After all, they're doing it for the good of all.

      In the meantime, I'll stick with downloading and implementing fixes from trusted sources, and hiring bonded and insured contractors.

      --
      -- "Sucks to your ass-mar"
  2. Blaming the Victims by Anonymous Coward · · Score: 4, Interesting
    of a virus attack doesn't sound like good public
    policy to me.

    This can't be a good thing: just think of
    the court cases, and the added burden on the legal system.

    Imagine a scenario like this:
    Company A, B, and C are infected with viruses.
    Company A tells Company B to "santize your systems, and stop infecting us, !". Company B has santizied it's system, and tells Company A to "go pound salt".

    Company A, unknowingly infected by Company C but still blaming Company B shuts down Company B's system. Company B is not happy.

    Company B manages to bring it's system back up, and shuts down Company A in retribution.

    Lawsuits ensue. The courts, which could be ruling on citizen's issues instead, (like, say, overruling the DCMA), become backed up with corporate bickering. The citizens lose. Ugly situation.

    And that's not touching on any of the questionable ethics of government sponsored vigilantism. I'll
    leave that flamewar to others -- I imagine things will get quite toasty.

  3. Re:Hack THIS! by DEBEDb · · Score: 4, Funny
    I've started hacking in the early 80s when I aquired an old 80486 compute

    Prior to that, you acquired a time machine, I believe...

    --

    Considered harmful.
  4. What article did Timothy read? by pete-classic · · Score: 5, Insightful
    I don't see where Mullen defends the "DOS for the sake of copyright."

    What he says on the issue is:
    Mullen said his hack-back idea is different because it is designed to improve the security of cyberspace and would not harm any computer systems.
    What he seems to be advocating is decriminalization of defending your computer against an active attack. I tend to agree. It's like saying it isn't theft to take a crowbar away from someone who is using it to jimmy your front door.

    The author has blurred all sorts of lines, viruses and worms, copyright and attack, defense of ones computer and defense of ones IP.

    I'd be interested to hear Mullen's comments on the story.

    -Peter
  5. Legal DOS Attacks by Greyscale · · Score: 3, Interesting

    Wouldn't any DOS-attack against an alleged "offender" also hit the bandwidth/resources of all the innocent systems along the way? I'm not sure how this wouldn't create lots of collateral damage for people who aren't involved.

  6. BlameGame by SimplyCosmic · · Score: 5, Interesting

    We've already seen something akin to this, at least on a small scale.

    Working as a telephone tech support person for a non-tech sector company, Klez was particularly annoying as we would get angry telephone calls from our own corporate executives about how our server based antivirus program wasn't working, as they were getting angry emails from people at other companies telling them to stop sending them the Klez virus.

    All because the damn thing sent false header information and someone outside both companies had been infected, people would continue to blame the wrong parties when their own antivirus program would point them at the wrong culprit, despite all the media stories explaining the damn thing in clear detail.

    We had a number of execs refuse to believe us when we told them their machine was clean, as "obviously" we were wrong according to the people at the other company. Even had one high up try to install her own antivirus program because she didn't trust ours and ended up trashing her computer.

    I just loved the whole telephone support deal during the peak Klez season. :P

    1. Re:BlameGame by DennyK · · Score: 4, Informative

      At the web hosting company I work for, we still get complaints from clients insisting that our mail server must have a virus because people keep sending them mail complaining of Klez attacks from their email addresses. Even explaining to them that their mail account is on a Linux server that can't be infected by Klez doesn't do any good with some of 'em... ;)

      The idea of using worms or exploits to fix holes in systems you don't own, now...I think it's a bad one. The intent might be benign, but the results would likely be ugly. A worm that alters a system enough to close a security hole (even using an "official" patch or hotfix) could do some serious unintentional damage to a machine. Bugs in the worm itself, unusual system configurations, obscure software conflicts...the potential for completely breaking the target system is pretty high.

      Besides which, I don't believe anyone has the right to invade a system they don't own for any reason, benign or otherwise. I am all for convincing the owners of infected machines to clean them up, but there are ways to do this without cracking their systems. Complain to their ISP, their CEO, or someone else who can pull the plug on them until the problem is fixed, if you like. It may not work in all cases, but it can't hurt, and if it doesn't work..well, that's life on the Internet. ;)

      DennyK

  7. Legally tenuous, surely? by Telex4 · · Score: 5, Insightful

    If this article were advocating that people could go on "white-hat" vigilante attacks against people they didn't like, everyone would point out how ridiculous that would be. Well this is really pretty similar, because if you say that it is legal to crack computers causing problems to other computers, then you have all kinds of ways of weasling out of trouble for cracking. Script kiddies would be delighted!

    As usual, this just sidesteps the more important issue which is that of secure software. If Microsoft tied up he bugs in Outlook and finally realised/admitted that secure by default is more important than snazzy and integrated by default, we wouldn't have half these problems. And if the software industry in general were really made to be more careful about its security, we could sit back and relax *a little*.

    This sort of idea does little to prevent malicious scripts, and does a lot of encourage vigilantism, which is exactly the sort of nonsense that just makes things worse, and opens the legal doors to companies cracking into your computer to check if you've written about their products (y'never know lol).

  8. Asking for trouble... by EdMcMan · · Score: 4, Interesting
    Come on, wake up and smell the coffee/pizza/flowers or whatever you want to smell, but there's no way "self defense" cracking is going to become legal. Without someone drawing the lines, the line between cracking and "self defense" will be very blurred:

    "Well, his computer pinged me a few times, so I used a buffer overflow to gain access to his machine, and formatted his harddrive."

    As you can see, there are two issues that are left unresolved: what defines an illegal attack, and what defines an appropriate "counter attack".

    As for this falling under a self-defense part of the law, I would suggest looking at the goal of self-defense: stopping an attack against you. Self defense does not mean kill someone, does not mean detain someone, or anything else. Although it is possible that those could be necessary in an act of self defense, in most cases they are not.

    With all this in mind, take a look at how you can stop the attack on you. The best way would be with a firewall or patching the problem. From there on, you should report the problem to the authorities (ala "real life"), probably being the machine's isp, and possibly the police/fbi.

    Vigilanties are not protected by the law, and their best hope is to convince a jury/judge that they were doing the "right thing". Unfortunately, most of them aren't qualified to make that decision :]

  9. Re:Incoherant headline by Xzzy · · Score: 5, Insightful

    > Is it me, or is this story's headline totally
    > incoherant?

    No, it's cut straight out of 'The Slashdot Guide for Guaranteeing your Submission is Accepted', chapter 2 which discusses creating a sensationalist headline that enables people to leap to conclusions about a story before reading it.

    Bonus points are awarded for managing to make it sound like it's an issue of the man against the little man.

    Cause yeah, I picked that up too.. the headline and following text had almost nothing to do with the actual story.

    I'd suggest the guy submitted before reading the story, but trying to comprehend the lack of thought that would require makes my brain hurt.

  10. Nothing beats faux-intellectual pluralization... by Junior+J.+Junior+III · · Score: 3, Funny

    Surely, you mean "ninjii", don't you?

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  11. Bugs in Outlook? You ignorant twit by Talez · · Score: 3, Informative

    If Microsoft tied up he bugs in Outlook and finally realised/admitted that secure by default is more important than snazzy and integrated by default

    You mean like Outlook 2K2 in the Office XP suite that keeps its security settings on a setting thats tighter than a fish's asshole by default? That's right. It now assumes every email is out to get you.

    Oh wait, my mistake. This is /. You people don't take notice of anything that Microsoft make less than 5 years old. That's why you still think Windows 98 is Microsoft's pinnacle of stability.

    This is all despite the fact that many (but not all) of the Outlook "viruses" required the user to actually OPEN the emails. Get over it already.

  12. Vigilante justice is not the solution by hagbard5235 · · Score: 5, Insightful
    Vigilante justice is not the solution. When I discover someone has burgled my house, and I have reason to believe I KNOW who did it, that does not entitle me to go break into their house to take my stuff back and avenge myself upon them.

    It's important to remember WHY vigilante actions are generally illegal:

    • They are highly error prone
    • They effectively invalidate all of the accused rights summarily.
    • They lead to chains of criminal behavior that can be hard to unravel.

    I can only think of one set of circumstances in which our culture and law condone vigilante justice: self defense of a human being against bodily harm.

    It is important to remember that computer crime is almost universally property crime. With rare exceptions there is absolutely no danger to the person of a human being posed by computer cracking, and thus no reasonable basis for authorizing vigilante justice.

    1. Re:Vigilante justice is not the solution by hagbard5235 · · Score: 4, Insightful
      In general you have just as much authority to use force to defend another person from violence as you do to defend yourself. Even if you don't know the person.

      Sure, no problem there. I don't see anything in my statements that suggested that you didn't have as much right to use violence to defend someone else from bodily harm as you do to defend yourself from bodily harm.

      I live in Colorado where I may shoot a person dead if he is both 1. on my property and 2. I have reasonable cause to beleive he is or is about to commit another crime (against a person or property.)

      Interesting. In most of the states who's laws I am familiar with the right to shoot an intruder in your home dead is rested firmly on the assupmtion in the law that someone who is breaking into your home if perfectly willing to use lethal force against you, thus reducing it to a defense against bodily harm case. In most states I believe the simple act of them breaking into your home is sufficient cause for you to reasonably believe they intend to harm you. I've never seen any state provide justification for the use of lethal force based on a justification of defense of property. Perhaps Colorado is different.

      I think your opinion is based more on your pacifistic world-view than on any actual facts.

      I think perhaps I've not communicated to you clearly. You are perhaps the first person I've encountered who has ever accused me of pacifism. I have no problems whatsoever with the application of force within reasonable limits, as proscibed by law. I also happen to believe that the right to use lethal force against an intruder in your home based upon the assumption that they intended to do you harm is reasonable. That is hardly the point of view of a pacifist.

      Well, you have really twisted my example around. Someone actively attacking your computer (network) or actively breaking into your house is not related to your vigilante revenge scenario in any way, so I'll dismiss it out of hand.

      Ah... I think I see where some of the confusion is now. Please note the tense I used with the word burgled. Someone currently, actively, burgling your home is a direct threat to your person for which you can reasonably respond with deadly force in most states. Belief that someone has, at some point in the past burgled is quite different as it carries no threat of bodily harm.

      The point I was attempting to make is this: those senarios in which the criminal conduct of another person are grounds justifying retaliatory action which is normally proscribed by law are generally limited to cases involving the threat of bodily harm to a person. I know of no examples in US law permitting actions normally proscribed by law being justified by crimes or threats against property ( with the possible exception of your assertion with regard to Colorado state law).

    2. Re:Vigilante justice is not the solution by hagbard5235 · · Score: 3, Informative
      Faaz,

      The laws on this matter tend to vary from state to state ( as murder, like most crimes, is a state matter in the US ). In two of the states I have resided in ( Indiana and North Carolina ) there is a presumption that if some one breaks into your home they mean you bodily harm. This renders any use of force against them self defense against bodily harm in the eyes of the law. I tend to think this is reasonable. I can't speak to the laws in Colorado, but I would be shocked ( and dismayed ) if defense of property figured into the right to use force to defend yourself against a burglar in anyway.

      What are the laws like in Sweden regarding the use of force against someone who has broken into your home?

    3. Re:Vigilante justice is not the solution by God!+Awful · · Score: 3, Interesting

      "An eye for an eye and the whole world would be blind." -- M. Gandhi

      (And yes, I did write "M. Gandhi" because I don't know how to spell his first name)

      -a

      --
      How to rationalize theft.
  13. Al Quaeda Records by TheSync · · Score: 3, Funny

    "Hi, I'm from Al Quaeda records, and I'm here to hack your computer!"

    Enough said.