Ethical treatment of Kracken

content.internets, content.quotes
lj-userpic: pl4y with 3vil

Here's an article on an ethical dillema some security researchers are
having: they've infiltrated the largest SPAM botnet in the world, dubbed
Kracken, but they're not sure if it's right for them to 'fix' the infected
computers.

The way this works is that the botnet is composed of thousands upon
thousands of personal computers which have been infected by the Kracken
software/virus/bot/whatever. These infected hosts are called zombies
because the virus/bot sits and listens for commands from some remote server
and then makes the computer do whatever's asked. I'll repeat that:
thousands and thousands of regular home computers are getting instructions
from hackers and performing work for them. It's kind of like Seti-at-home
turned to evil.

These researchers have managed to 'infiltrate' the botnet; presumably
they've found the virus/bot code and were able to learns things about how it
works -- most probably they've learned how to talk to the zombies. If so,
then they have as much control over these machines as the Kracken hackers
do, and they claim to know (vaguely?) 'where' on the Internet these machines
are. So now the question is: do they inject their own code into the botnet
to *fix* it?

On the one hand, killing Kracken would be a good thing. Having that
botnet out there -- thousands and thousands of computers that can be
controlled remotely -- is a rather danegerous thing. And, unless Kracken is
a jealous god who patches his zombie servants, these machines probably have
other vulnerabilities and host other infections. (There are some neat
strories about viruses and rival botnets eating each other, though, which is
a rather fascinating concept; I mean, who wants to share, right?) The
trouble is, patching software isn't really an easy thing to do, and if
you've ever run WindowsUpdate you know that patches can break things, too.
The researchers don't own the infected machines and, strictly speaking,
don't have any right to meddle with them. They also don't know what these
machines are USED for, and it's possibly that some of them coming down from
being patched could be a bad thing. The article goes into it better
than I can here.

I'm linking you through the Digg post mostly because a dozen or so posts
down someone talks about how crazy-smart the Kracken developers much be and
how it makes him sad when programmers use their powers for evil; then he
says, "to quote ol' Uncle Ben, 'with great power comes great
responsibility'" to which someone else says, "We make the best rice." I'm
going to be chuckling about that all day.

(In the end, the real point of this post is just an excuse to say, "they've
learned how to talk to the zombies.")

The Chocolate Factory

So recently I was subjected to re-watching portions of Charlie and the Chocolate Factory
(a movie of which I am less than a fan), and I've always liked the 1971 Willy Wonka and the Chocolate
Factory, and it occured to me that I should maybe read the book(s) these
movies were based on.

Now, what I've always liked most in these movies is (1) it really seems that
Wonka planned everything to happen just as it did and (2) Wonka seems very
much insane -- this second is why I like the 1971 movie versus the modern
retake,because you can't really out-crazy Wilder. (I've also always had an
inexplicable fondness for Veruka Salt.) It's my understanding, though, that
the books are much closer to the modern movie (which I less-than-enjoy). So
my questions are: have any of you read the Wonka books? Do you think
I'd like them, or would I be disappointed? Is it writing on a level I could
appreciate, or is it really written more for children
'young adults'?

Ethical treatment of Kracken (fixed)

content.internets, content.quotes
lj-userpic: pl4y with 3vil

Here's an
article on an ethical dillema some security researchers are having:
they've infiltrated the largest SPAM botnet in the world, dubbed Kracken,
but they're not sure if it's right for them to 'fix' the infected
computers.

The way this works is that the botnet is composed of thousands upon
thousands of personal computers which have been infected by the Kracken
software/virus/bot/whatever. These infected hosts are called zombies
because the virus/bot sits and listens for commands from some remote server
and then makes the computer do whatever's asked. I'll repeat that:
thousands and thousands of regular home computers are getting instructions
from hackers and performing work for them. It's kind of like Seti-at-home
turned to evil.

These researchers have managed to 'infiltrate' the botnet; presumably
they've found the virus/bot code and were able to learns things about how it
works -- most probably they've learned how to talk to the zombies. If so,
then they have as much control over these machines as the Kracken hackers
do, and they claim to know (vaguely?) 'where' on the Internet these machines
are. So now the question is: do they inject their own code into the botnet
to *fix* it?

On the one hand, killing Kracken would be a good thing. Having that
botnet out there -- thousands and thousands of computers that can be
controlled remotely -- is a rather danegerous thing. And, unless Kracken is
a jealous god who patches his zombie servants, these machines probably have
other vulnerabilities and host other infections. (There are some neat
strories about viruses and rival botnets eating each other, though, which is
a rather fascinating concept; I mean, who wants to share, right?) The
trouble is, patching software isn't really an easy thing to do, and if
you've ever run WindowsUpdate you know that patches can break things, too.
The researchers don't own the infected machines and, strictly speaking,
don't have any right to meddle with them. They also don't know what these
machines are USED for, and it's possibly that some of them coming down from
being patched could be a bad thing. The article goes into it better
than I can here, but it seems to me that the head researcher is more
concerned about possible legal liability rather than any true ethics
concern. One researcher makes a point about how they wouldn't feel right
just sending commands to a computer without the user's consent, but I think
that's a weak sort of inhibition. The owner doesn't know they're infected,
they have no real way of being told they're infected, and if they knew they
were infected they assuredly wouldn't choose to STAY infected.

I'm linking you through the Digg post mostly because a dozen or so posts
down someone talks about how crazy-smart the Kracken developers much be and
how it makes him sad when programmers use their powers for evil; then he
says, "to quote ol' Uncle Ben, 'with great power comes great
responsibility'" to which someone else says, "We make the best rice." I'm
going to be chuckling about that all day.

(In the end, the real point of this post is just an excuse to say, "they've
learned how to talk to the zombies.")