[funsec] Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]

Aviram Jenik aviram at beyondsecurity.com
Thu Dec 29 01:57:12 CST 2005

On Thursday, 29 December 2005 00:06, Drsolly wrote:
> This is the "information should be free argument". The reply to that is
> "If you believe that, then please post your credit card and identity
> information on a public site"

I think this is a completely flawed argument.

First, "information wants to be free" doesn't imply FORCING people to share 
information - just ALLOWING them to do so. I don't think Val talked about 
forcing you to share your malware - he just wants to share his.

Second, there's a difference between "information" and "personal information". 
Yes, if you obtained someone's credit card information you should not place 
it online. That has nothing to do with "information" it has to do with the 
right for privacy.

So the question becomes is it "right" or "wrong" to share a certain type of 
information (location of nuclear base plants, the government spending on 
rebuilding Iraq, exploit code that demonstrate a PoC of a vulnerability, 
malware that is found in limited circulation). Most of these cases are not 
'clear cut' and should not be presented that way ("ethically crippled"? 
Common, Nick).

- Aviram

More information about the funsec mailing list