> Can somebody explain to me how this is a bad thing?

Excellent question! I will take a shot at this.

It's about what the government is trying to get away with now, subtley. Find a scapegoat that looks bad to the public and then do something about him. Use whatever means possible to justify action against that person to build case law to justify future injustices to the American public.

In other words, it goes back to how the justice system is suppose to work. First, laws must be written. The definition of a crime (according to California Penal Code (P.C. 15):

A crime or public offense is an act committed or omitted in

violation of a law forbidding or commanding it, and to which is annexed, upon conviction, either of the following punishments:

1. Death;

2. Imprisonment;

3. Fine;

4. Removal from office; or,

5. Disqualification to hold and enjoy any office of honor, trust, or profit in this State.

Which is generally accepted as the definition of a crime in most states (or something like it).

Next, in order for one to be convicted of a crime one has to be found beyond a reasonable doubt by a reasonable citizen that one is guilty of the crime one is being indicted for. This means that the state must find proof that not only did the suspect commit the crime(s) but, according to the majority of laws written, one had to have intent to commit the crime(s) one has been indicted for.

So, does writing some software that may seem to have malintent actually show that the person writing the software really have the intent to use that software wrongfully againt a victim without prior authorization from that victim? The answer to that is, "no". Here is an example. I write a program that by its very nature *seems* to have malintent. However, my true intention is to keep it within my network for my personal use. I wanted to write it for proof of concept. Did I break the law? Well, depends on the law, nowadays, unfortunately. The laws that are written, nowadays, are wrongfully placed into law because they violate our amendments. However, if these laws were not inacted, then no. I would not have broken the law.

Now, I am not sticking up for t0rn. I am sticking up for our rights. We ought not to let the government trample our rights for a little security. What we ought to be doing is taking responsiblity for ourselves and watch our own backs instead of letting the government force security on us.

> T0rn was not written to help you keep your site secure,

How do you know what the author's intent was? I know a lot of people who write applications to exploit vulnerabilities simply to show the authors of the software with the vulnerabilities that there are indeed vulnerabilities.

We shouldn't be ostriches by hiding our heads in a hole when there is a problem that needs to be resolved. In the computer field, you sometimes need to exploit the vulnerabilities to get the vulnerabilities fixed.

>it was designed to break into your site, hide it's tracks, and potientally use your site as a launching point for other bad things. Where is the redeeming social value here?

Again, you are correct. But, then, is it illegal to create a slim-jim, a gun, a knife, etc. do we know for a fact what the intent behind the creators of these devices was? It may seem obvious, but it actually isn't. And I am only using obvious things for examples. There are other devices out there I could use for conceptualization.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/813/16586#16586