'White Hat' Worm, White hat perspective..


MrT
December 12th, 2004, 10:01 PM
I'm writing this in response to all those 'white hat' worms being released on the internet...



'White Hat' worms aren't really white hat, only their users can be white hat; they are just worms programmed against 'black hat' worms. They can be used for grey hat purposes, but are still called 'white hat' worms (e.g. using a 'white hat' worm to remove a 'black hat' worm on computers that you don't have permission for).

Most people have this little voice inside their head that tells them to become a hero, someone for the kids to look up to. Why wouldn't you want to be a hero? Well, heroes are an opinion of someone, not always a good opinion. Using a worm to remove other worms from the entire internet would make you a hero to some, but a "hacker" to others. Once you penetrate a computer that isn't yours, you suddenly cause the IT department to spend money on that computer for inspection costs, but not every computer has an IT department with it. What if that worm that you sent had a bug in it? That might cause a lot of money to be spent to fix it. White hats should only use 'white hat' worms on computers you have permission for, otherwise you're not a white hat. I read an idea to prompt the user to install the patch, but that is still a bad idea. That signature prompt would later be used by black hats. The point of the prompting would be to keep ignorant users safer. Let's just keep informing the user via e-mail/IM.

The black hat world has many heroes in it for the kiddies to admire. In the white hat world, there just isn't much of a place for heroes. If you're a grey hat, then go right ahead. For the white hats out there, just remember: keep those 'white hat' worms on your own network.

nihil
December 12th, 2004, 10:15 PM
Quite so, they take up resources, and mess up your system if they are badly programmed. There is no such thing as a "white hat worm", just some arrogant little "holier than thou" b******d behind them.

The "rules" are simple

1. Don't dare run anything on someone else's system without permission.
2. If you want to be a missionary, join a religious order

my views ;)

|3lack|ce
December 12th, 2004, 11:55 PM
White Hat worm == The nightcrawlers I use for fishing bait.

Black Hat worm == All others.

Nuff said.

TheSpecialist
December 13th, 2004, 12:03 AM
There are no moralities, there is no "good or evil" within I/O. This is the dumbest thread I've seen all week.

nihil
December 13th, 2004, 12:37 AM
TheSpecialist:

You said: There are no moralities, there is no "good or evil" within I/O. This is the dumbest thread I've seen all week.

Until you can acquire the mental perspicacity to assimilate the concept of the difference between right and wrong, why don't you just STFU?

The only thing dumb on this thread has been your post.

Of course these are purely my personal opinions, I cannot speak on behalf of the AO membership, JUPM, the mission statement (please read the opening page) etc..................

Just my worthless opinion of course :p

TheSpecialist
December 13th, 2004, 01:41 AM
I know the difference between right and wrong... and the only thing wrong here is your concepts and mentality. I've said it once already, the internet is a medium not a planet.

It's because of people like you I could be fined up to 5000$ each time I decide to go against a EULA by replacing a few values to 00 or 90 in a few files on my own hard-drive... in fact just by viewing it through a 3rd party program would be enough to get fined and possably arrested.

nihil
December 13th, 2004, 02:36 AM
Why is it I am put in mind of a Marines Corps' officer assessment report.....................?

"Since my last report, this officer has reached rock bottom, ..............and started to dig"?


I know the difference between right and wrong... and the only thing wrong here is your concepts and mentality. I've said it once already, the internet is a medium not a planet.

And a court of law is where you will be sentenced to a spell of reality with bubba?

It's because of people like you I could be fined up to 5000$ each time I decide to go against a EULA by replacing a few values to 00 or 90 in a few files on my own hard-drive... in fact just by viewing it through a 3rd party program would be enough to get fined and possably arrested.

Yes, sort of..................I would be looking for more like 10-20 or even an "extended tour of duty" :D

This is a security site, please get used to it.................your hippy/yob/gobshite/hick attitude is actually no longer amusing................your anal/excremental obsessionism is not exactly today's news either...................why don't you go play Russian Roulette with a Colt .45 auto..............remember to take a couple of "oiling shots" first :D

:)

And have a very Merry Christmas!

|3lack|ce
December 13th, 2004, 04:33 AM
Perhaps a stint in a nice cold cell will teach him to spell POSSIBLY.

I'm curious though at

I know the difference between right and wrong...

and

|The|Specialist is a dangerous criminal and generally not a nice guy, just ask anyone else here.

as posted here => http://www.antionline.com/showthread.php?s=&threadid=264522&perpage=10&pagenumber=2

Is it that you're so immature as to actively choose to be a criminal, or that you simply wish to be thought of as one because you think it's 'cool'? Grow up, kid. Come back when you actually have something of real value to contribute.

MrT
December 13th, 2004, 05:35 AM
Please post your opinion of the article and not of each other.
When you do post your opinion, don't post something like this:
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post810885) by TheSpecialist
This is the dumbest thread I've seen all week.
If you're going to post something like that, be more exact.


TheSpecialist-

Keep this in mind next time you reply,
Thanks

Soda_Popinsky
December 13th, 2004, 06:40 AM
There are no moralities, there is no "good or evil" within I/O.

Where there are intentions... there is morality. When someone releases code, their purposes could be to gain wealth, status, promote good or evil or whatever among many things. Morality is involved in forming those intentions.

The author of Sasser had an evil purpose, and the author of Welchia/Nachi may have had good intentions. The intentions of the latter are the point of the thread.

So, are "Whitehat worms" ethical / good...
While the intentions may be for good, the damage or impact they can have on a network may be worse than the worm they were chasing. In Welchia/Nachi's case, it opened 300+ connections to spread 'round 30 times faster than Blaster... which caused large amounts of congestion. If an author could create a worm that would patch each system in its path and have absolutely no undesirable side effects on any network or host it enters, then wonderful... MS would have written them for the DCOM and LSASS vulns. But obviously it's impossible to write perfect code, and impossible to write a "whitehat worm" with the intended outcome of good.

gore
December 13th, 2004, 08:07 AM
There is no Mercy, We create Mercy,
We manufacture it in the parts of our brain that have overgrown our basic reptile instincts,

There is no Murder, We create Murder,
And it matters only to us,
For we are nowhere,
And this..... Is nothingness

MrT
December 14th, 2004, 01:08 AM
I want to make another point here...
I notice a lot of people are against black hats, not saying that's a bad thing.
If we didn't have any black hats, a lot of us would be out of a job.
For our benefit, shouldn't we embrace black hats as just another person, not blow them off?
The people that don't benefit from black hats, I can see where you're coming from.
For the people who benefit, why so harsh?

nihil
December 14th, 2004, 01:35 AM
If we didn't have any black hats, a lot of us would be out of a job.

Just as a lot of cops would be out of a job if there were no crime?

Not very realistic IMO. They are there, and they will not go away. That does not make what they do right in any shape or form. Remember that security is not just about hacking, it is about asset protection and crime prevention. Really, computers and the internet are just a new environment in which to commit old crimes. For example, fraud has been going on since the days of ledgers and quill pens. :)

People were finding work in IT long before security became such an issue. Anyway this is usually given to the network support/administration guys, so it is frequently an additional burden as opposed to a sole occupation. I think that you overestimate the number of people who "benefit" from black hats.

just a thought

As for your first question. The concept of a "white hat worm" is wrong, but NOT IMMORAL. It is unprofessional, as they are unleashed on environments that the writer has no knowledge of. No IT professional worthy of the name would roll-out new software or an upgrade into a production environment without testing it on a reference machine first.

:)

gothic_type
December 14th, 2004, 02:07 AM
Plus, by creating one of these worms, you are assuming that people actually want to have their computers patched. Even saying that your code was 100% correct, most people don't like the idea of something happening on their computer that they don't authorise. Personally I can see the advantages of "white-hat worms", but only if there are safeguards built in to stop them from getting outside your own network; by that point in time they are merely network distributing patches (if you know what I mean).

But I don't like the point about certain worms being written for evil intent. I dislike the frequent use of evil by people as though there is some solid good and evil. And you have to remember that a lot of people are probably curious to "see what'll happen". Does that make them evil? I would say they are simply naive or misguided.

Anyhow, I apologise if that came over as a rant.

ac

jinxy
December 14th, 2004, 02:11 AM
No IT professional worthy of the name would roll-out new software or an upgrade into a production environment without testing it on a reference machine first.

Excepting for the *cough* professionals, at the DWP.

MrT
December 14th, 2004, 02:50 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post811059) by nihil
They are there, and they will not go away. That does not make what they do right in any shape or form.
I agree that they will never go away, so why so harsh?
If I could, I would remove all crime from the universe, but I'm only on lvl 88.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post811059) by nihil
People were finding work in IT long before security became such an issue. Anyway this is usually given to the network support/administration guys, so it is frequently an additional burden as opposed to a sole occupation. I think that you overestimate the number of people who "benefit" from black hats.
There are more people in comp. security than just IT.
You have comp. stores, games, security software, pretty much any software.
There are not a lot of dedicated jobs to security, but huge amounts of money are spent on security.

Striek
December 14th, 2004, 03:19 AM
A "White-Hat" worm designed to auto-patch vulnerable systems, IMO, would be no different than a "White-Hat" burglar who was "upgrading the locks" on my house without my permission, or for that matter, the police randomly breaking into my house and forcing me to fix my s***ty locks. It's my effing house, and if I want to leave it unlocked, that's my right to do so, regardless of the repercussions. This is one case where I simply do not believe that the needs of the many outweigh the needs of the few. Unless privacy is jealously guarded and fought for, it will be lost. This is why the civilized nations of the world require a warrant for such an invasion.

A virus is still a virus, regardless of its purpose. It still consumes bandwidth, it still sets off IDS systems, and still requires time and money to investigate. I personally don't care if it's a so called "good virus". There is no such thing.

In other words, the ends cannot justify the means.

MrT
December 14th, 2004, 04:24 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post811078) by Striek
A virus is still a virus, regardless of its purpose. It still consumes bandwidth, it still sets off IDS systems, and still requires time and money to investigate. I personally don't care if it's a so called "good virus". There is no such thing.
That's like saying there is no such thing as a good hacker.
The point of the article was to tell white hats not to become a "hero" and to use "white hat" worms on computers you have permission for.
I wanted to make sure white hats were not misguided.

Note-Tools can be used for good or bad.

nihil
December 14th, 2004, 12:04 PM
That's like saying there is no such thing as a good hacker.

This is your problem, my friend................you are misunderstanding the word "hacker". In the old days it just meant a highly skilled individual. If we use that definition, then you have three basic sorts:

1. Those who use their skills to do their legitimate jobs (White Hat)
2. Those who use them to satisfy their personal curiosity or interests (Grey Hats)
3. Those who use them for criminal and malicious purposes (Black Hats)

Another scenario: which would you rather have?

1. A virus or worm that takes you a week to sort out? (Black Hat)
2. A software house spends 18 months on a project and produces an application that is useless (why does the UK government IT procurement come to mind :D ) (White Hat)

What I am saying is that there is a difference between software and what it does; and the PEOPLE who created/used it and their motivations.

If you sit down and draw yourself a decision matrix (logic box) I am sure it will become clearer?

Cheers :)

Noia
December 14th, 2004, 12:18 PM
Read the law, end of story.
http://www.panix.com/~eck/computer-fraud-act.html

MrT
December 15th, 2004, 02:35 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post811107) by nihil
This is your problem, my friend................you are misunderstanding the word "hacker".

I do believe I'm not, but if I am, what is the "real" definition?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=264572#post811107) by nihil
If you sit down and draw yourself a decision matrix (logic box) I am sure it will become clearer?

I don't have time for that I'm still on lvl 88, only 2 more years of my life till lvl 89!
And my parents said I would grow up to nothing in my life...I showed them

nihil
December 15th, 2004, 03:19 AM
I do believe I'm not, but if I am, what is the "real" definition?

Don't you read other people's posts?

In the old days it just meant a highly skilled individual. If we use that definition, then you have three basic sorts:..................


I don't have time for that I'm still on lvl 88, only 2 more years of my life till lvl 89!

A decision matrix for your problem consists of six boxes in the case of hackers, and four boxes in the case of software.............you don't have time to draw ten little boxes, define your parameters, and give them a yes/no?...............hell, I wish I were that busy :D

Oh Well :rolleyes:

MrT
December 15th, 2004, 06:26 AM
I'm sorry, but you didn't state that's the definition you use.
I think this thread is getting a little worthless and turning into more of an IM conversation.
As long as I got my article across to at least one person, all this was worth my time.

I'll just end with this....I pity the fool who is busier than me.

TheSpecialist
December 15th, 2004, 07:48 AM
In the old days it just meant a highly skilled individual. If we use that definition, then you have three basic sorts:

Define the old days? Most people who are old enough to remember some first generation computers would remember anything except things being made into such a big scene or frikin' users striving to be something, just being called something that sounds cool, gaining some form of self importance through it all.

I would rather forever be an unknown, nameless, faceless, unskilled, generic computer enthusiast. But for most people on the web, the "l33t h4x0rz", I guess nothing is good enough to fill in their void... this inferiority complex that each and every one seems to have.

nihil
December 15th, 2004, 01:32 PM
Define the old days?

Well, certainly in the days of DOS a "hack" was a "workaround", and a hacker was someone who was good at providing workarounds. Another expression was "DOS jockey". They were not elitist terms, just an expression of respect for the depth of an individual's knowledge and skill.

The term itself is certainly pre-WWII.............."he couldn't hack it" certainly goes back to the 1930's

gothic_type
December 15th, 2004, 03:03 PM
One definition of hack and hacker is pretty much what nihil said:

hack: a complicated workaround which serves a purpose, but the majority of people cannot understand
hacker: someone who creates this workaround and who knows whatever they are doing so well that they can create this "hack"

And like nihil said, it doesn't need to have anything to do with computers. I believe there's some interesting articles on wikipedia (en.wikipedia.org) about the subject if anyone's interested.

ac