[40107] in North American Network Operators' Group
RE: Code Red growth stats
daemon@ATHENA.MIT.EDU (Paul Lantinga)
Wed Aug 1 18:31:54 2001
Message-ID: <05924A4A9DEDAD46A21EE3C8C64B090D5AD2EA@cheetah.zoo.q9networks.com>
From: Paul Lantinga <prl@q9.com>
To: "'Christopher A. Woodfield'" <rekoil@semihuman.com>,
nanog@nanog.org
Date: Wed, 1 Aug 2001 18:30:47 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C11AD9.9E5153F6"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C11AD9.9E5153F6
Content-Type: text/plain;
charset="iso-8859-1"
> -----Original Message-----
> From: Christopher A. Woodfield [mailto:rekoil@semihuman.com]
>
> heh, maybe someone can take the worm code and use it to apply the IIS
> patch instead of DoS'ing the White House... :)
I'd be really curious as to how the courts in various countries would handle
something like that. Would patching someone else's server or system without
their prior knowledge or consent be considered illegal access? Would it
make a difference to the court if the server or system was actively
attacking[1] your system? "Mr. Judge, I was only using the resources at my
disposal to stop the attack upon my own systems." What if it wasn't
attacking you? How would you all feel if the US FBI or other gov't branch
patched your server without you consenting or knowing? What if someone
proposed that software companies be liable for sloppy coding that allows
this kind of thing to happen so frequently?
I'm guessing that several truckloads of lawyers could live off of something
like that for many years.
Paul LANtinga.
[1] we all know how well defined that is. ;)
------_=_NextPart_001_01C11AD9.9E5153F6
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>RE: Code Red growth stats</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Christopher A. Woodfield [<A =
HREF=3D"mailto:rekoil@semihuman.com">mailto:rekoil@semihuman.com</A>]</F=
ONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> heh, maybe someone can take the worm code and =
use it to apply the IIS </FONT>
<BR><FONT SIZE=3D2>> patch instead of DoS'ing the White House... =
:)</FONT>
</P>
<P><FONT SIZE=3D2>I'd be really curious as to how the courts in various =
countries would handle something like that. Would patching =
someone else's server or system without their prior knowledge or =
consent be considered illegal access? Would it make a difference =
to the court if the server or system was actively attacking[1] your =
system? "Mr. Judge, I was only using the resources at my =
disposal to stop the attack upon my own systems." What if it =
wasn't attacking you? How would you all feel if the =
US FBI or other gov't branch patched your server without you consenting =
or knowing? What if someone proposed that software companies be =
liable for sloppy coding that allows this kind of thing to happen so =
frequently?</FONT></P>
<P><FONT SIZE=3D2>I'm guessing that several truckloads of lawyers could =
live off of something like that for many years.</FONT>
</P>
<P><FONT SIZE=3D2>Paul LANtinga.</FONT>
</P>
<P><FONT SIZE=3D2>[1] we all know how well defined that is. =
;)</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C11AD9.9E5153F6--
