[Dshield] RE: fighting back against CodeRed

Coxe, John B. JOHN.B.COXE at saic.com
Tue Aug 7 17:18:21 GMT 2001

Those negligent morons wouldn't even notice if you patched and rebooted them

I like your argument that you were just making their assault on your host
stop.  LOL  You're right, it would never hold up in court.  But I look at it
like this.  I walk down the street and see a car full of expensive
merchandise from a shopping trip with the door inadvertantly left open.
What's the to complain about locking (so you yourself couldn't compromise
their system/car after that) and closing the door.  (Please don't flame me
on a bad analogy.)

Bottom line is that if we chuck ethics for the good cause here, it becomes a
matter of drawing lines to define good causes rather than fighting the
better definable and less dangerous fight in the long run.

I still do think it would be a good to have a utility to do the clean up and
patching for entities where the TOS and AUP allow or where common ownership
is simply too distributed to make manual intervention practical, as in a
military base, a large company or a college.  Naturally, individuals would
take it upon themselves to rectify other situation beyond ethical bounds.
But if it was a tested and reliable tool from a responsible source, they
take the associated risk in using it and could be pursued legally (as
if....) but with much less common concern.

-----Original Message-----
From: Tod D. Ihde [mailto:toon at jesus-crispie.com]
Sent: Tuesday, August 07, 2001 8:19 AM
To: dshield at dshield.org
Subject: [Dshield] RE: fighting back against CodeRed

The machines are not going to get patched by the owners.

The patch has been out for months.

CodeRed (And II) have been out for days.

Wake up. Responsible people have already patched their boxes. Nobody else
has, or will.

Any quibbling that may come from the owner is easily squashed. "You want I
should have just formatted & rebooted? That was an easier program to write",
and "your box was probing mine. I made it stop."

No they might not hold up in cort, but I'm willing to bet I'm a bigger pr*ck
than anyone who might be stupid enough to try to take me to court over
patching a box they wouldn't patch themselves.


This email posted in pure ASCII,
for your protection.


 * All opinions expressed herein belong to Me. Tod D. Ihde. So there. *   
  *  HTTP://toon.jesus-crispie.com/   HTTP://www.jesus-crispie.com/  *
   *      The average, healthy, well-adjusted adult gets up at      *
    *      seven-thirty in the morning feeling just terrible.      *
     *                              -- Jean Kerr                  *

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list