Slashdot Mirror

← Back to Stories (view on slashdot.org)

Including Source for a Potential Hacking Tool?

Posted by Cliff on from the exploits-in-the-wild dept.

rajinder asks: "What are the experiences of Slashdot folk when it comes to including the source code of a security tool in their final year dissertation? I have a project in mind that I want to submit that can be used by admins to evaluate the security of their wireless network(s), but it could just as easily be used for their nefarious purposes. Before I submit the idea, I wanted to see if anyone knew of potential hurdles I would have to face. Anybody ever done something similar? The official rules about what is allowed is available in this PDF [or the HTML version], but I don't see anything relevant to my dilemma (the relevant section is 2.4, page 9) UK university-system specific info would be appreciated, but I plan on carrying on my education in the US, so info from either side of the pond would be good. Does anyone know if I would be able to GPL the code afterwards and put it out there? Would it remain property of the University or the student that wrote it?"

3 of 20 comments (clear)

  1. Academic policy by Anonymous Coward · · Score: 1, Insightful

    final year dissertation

    Doesn't the policy say you're required to include it? Whatever you develop as part of your academic project has to fall within public domain into the university library.

    I would include all the source in the printed copy as Appendix and then distribute the online copy without the Appendix.

  2. Author vs Publish by MountainLogic · · Score: 3, Insightful
    An import question to ask the IAAL types is:

    Is there a differance between authoring (and submitting) vs. publishing (as in what the Uni. dept. will do)?

  3. Repeat After Me by 4of12 · · Score: 4, Insightful

    You are not responsible for what other people chose to do.

    (The number of people leading screwed-up lives or screwing up other peoples' lives, because they don't understand that principle, is vast.)

    That said, there's no reason to leave your tool in ready-made form for nefarious attack that any script kiddie to download and run.

    Since you're producing a professional work, publishing the code in the text of your thesis pretty much guarantees the only people that will get a hold of it will be intelligent and perserving people with an interest in what you've contributed.

    While it's not absolutely foolproof, the set of people who are both intelligent and persevering have better than average ethics, IMHO.

    Exactly the same principles apply to other non-IT information (chemistry, biology, nuclear physics) which can potentially be used for evil purposes.

    The solution is not to try and stuff the genie back into the bottle, but to try to find ways of generating fewer new nefarious people.

    --
    "Provided by the management for your protection."