From: Lucas Gonze ((no)
Date: Mon Jul 31 2000 - 09:24:11 PDT
I couldn't agree more that Bugtraq is legitimate - protected -
speech. To me this shows that the issue is genuinely difficult.
Let's say one person writes code that automatically harvests and runs
exploits posted to bugtraq. Then another person, a black hat, posts an
exploit for the sake of having it run by the harvester. Is the poster
protected by the law?
On Mon, 31 Jul 2000, Robert S. Thau wrote:
> Lucas Gonze writes:
> > How about posting a message giving enough details on how to write a
> > run-on-receipt virus that any coder can do the actual writing? Something
> > like "To write a run-on-receipt virus, do ..." Imminent incitement? At
> > some level of detail you are publishing a program in everything but name.
> Full-disclocsure security lists like Bugtraq feature these sorts of
> messages all the time; C source code for buffer-overflow expolits is
> not at all hard to find. Bugtraq in particular is run by and for
> legitimate computer security professionals who view that speech as
> necessary for their jobs, on the theory that you can't discuss how to
> fix a problem without being able to describe the problem itself in
> precise technical detail.
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 09:35:54 PDT