IT Employment optimize

Repurposed software: Apps gone rogue

You come up with a dynamite app. Companies are thrilled with it. Next thing you know, your app is used to deny visitors access to a website. Michael Kassner considers repurposed software.

Retaliation by Anonymous for the FBI raid against Megaupload was swift. Within minutes of the take down, several websites were under a Denial of Service (DoS) attack. Via Twitter, Anonymous proclaimed:

"The government takes down Megaupload. 15 minutes later, Anonymous takes down government and record-label sites."

If you'd like, we can discuss the details -- even the politics -- of the attack, but let's do it later in the comment section. Right now, I'd like to examine a subject that doesn't get much visibility.

Repurposed software

To pull off these obviously successful DoS attacks, Anonymous used a software package called Low Orbit Ion Cannon (LOIC). LOIC was originally created to stress-test networks. But once LOIC became part of the public domain, Anonymous and others adapted it for DoS attacks.

Another famous/infamous -- depending on your point of view -- repurposed software application is DVD Decrypter. It was originally developed to create back-up images of DVDs. It did not take long to figure out DVD Decrypter also did a great job decrypting copy-protected movies.

There are other examples, but you get the point.

The problem

I guess I shouldn't be surprised. Throughout history, many devices have been repurposed to do harmful things. Still, it was nagging me. Can't some intelligence be added to software that disables it when being used inappropriately?

I'm betting you programming types are shaking your heads, thinking I'm completely clueless. Still, I felt compelled to find out what my trusted sources thought. I sent an email to several with the following question:

"In the years that I have been covering IT Security, I've reported countless times about well-intentioned applications and test software being repurposed and used against the very people it's supposed to help.

My question: Is it possible to change this? Or, will the debate concerning software usage be similar to that of gun control?"

Here's what they had to say.

Adrienne Porter Felt: I think your gun analogy is an apt one. This problem arises with all vulnerability-detection tools. Typically, their intended use is for developers to find vulnerabilities in their own applications so that they can patch them.

However, the attackers can use the same tools to find security holes. The solution is not to stop producing tools for developers. Attackers are motivated to find bugs regardless of the availability of tools, whereas developers who are not security experts may not find them without the help of tools.

Andre' M. DiMino: Excellent topic. Many security applications can be considered "double edged" swords. These tools are essential to security auditing and testing.

Metasploit comes to mind as one of the most popular tools in this space. I'm not of the opinion that any limitations should be placed on their availability, as I believe that they do more good than harm. However, in the case of Metasploit, I do believe that some discretion should be used when they incorporate an exploit to an unpatched vulnerability.

One aspect that is often overlooked is the punishment and incarceration associated with criminal abuse of networks. This was and should continue to be a key deterrent to the illegal use of legitimate programs.

Johannes B. Ullrich: I use web browsers as an example of a common tool that can be "turned around" to do harm. Most web-application exploits require nothing more then a simple web browser to execute.

I don't think there is a fix to prevent this. Safeguards like rate limiting may help (think about it as only allowing semi-automatic but not full-automatic weapons).

Another often-proposed solution is "fingerprinting" where the tool would create a unique identifier allowing you to determine the attacker. But, just like the often proposed bullet-stamping technology, it is easily defeated and could have unintended privacy consequences.

Lenny Zeltser: Some programs possess capabilities that are more likely to be used for malicious purposes. An example of this is an exploit kit, designed to take advantage of vulnerabilities to gain control over a remote system. However, many attributes of software can be used for good as well as bad, such as remote access to a system, data collection, and even user activity monitoring.

That's why I consider malware to be code that's used to perform malicious actions. This definition of malware focuses on how the program is being used, rather than what it might be capable of. Furthermore, by incorporating the user's intent into the definition of malware, we highlight the fact that behind most malware there is a person, using it to his or her own advantage, usually at the victim's expense.

Rick Moy: I don't think there's a whole lot that can be done to prevent what people do with applications. Anyone can write a different version of something like LOIC. What we can and should do is aggressively improve our defenses. Stephen Groat: As a security community, we have to figure out methods that'll prevent our tools from being malicious. They might not work 100% of the time, but it'll stop most basic attackers. By removing them, we can focus on real threats.

Also, the mystique of hacking has to change. Right now, Anonymous uses LOIC as a participatory botnet, where people allow their computers to be used for illegal purposes. People don't understand the legal and financial ramifications of participating. They believe that "hacking is cool" and they're "fighting the system."

If we can figure out a way to change the current social perception of hacking, we'll have less of a problem with participatory botnets, DoS, and tools like LOIC.

William Francis: People are always going to find ways to take software created for legitimate purposes and misuse it. To stick with your firearm analogy, just as fully automatic weapons are more likely to be used by criminals than duck hunters, certain software is more likely to be adopted by hackers.

So, just as manufacturers of automatic weapons have a responsibility to keep their products out of the wrong hands, software engineers who work with low-level algorithms -- having the potential to be misused -- need to take reasonable measures to keep their software under control.

When I worked in the finance/ATM sector, a lot of care was taken to protect the inner workings of the firmware. We found that running interference caused criminals to look for easier doors to slip through.

Final thoughts

It's time for you to voice your opinion. Is there a solution? And do you have any thoughts as to the effectiveness of the DoS attacks by Anonymous?

I want to thank each of the experts who answered a difficult question. I am humbled by their willingness to help.

Note: Slide above, courtesy of Wikipedia.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

59 comments
shsdarwin
shsdarwin

In the story you make a comparison with Dropbox. However, Dropbox is an online synchronization tool, much more than a file sharing, backup tool. As such, a local copy of any and all files should always be available on your pc/Mac.

Snak
Snak

it has become apparent, through subsequent comments, that most people are aware that it's people, not tools, that are at fault. That was the very point of the hammer comment. No matter what; it's nice to think that one day in the future, people will have become altruistic to the point of never even considering the nefarious opportunity for self enrichment, satisfaction, or oneupmanship that a tool might give. There is only one way to do this, and that is to totally abolish the idea of 'us' and 'them', and whilst you have diversity (of any kind), there will always be 'us' and 'them'. And I seriously doubt there'll ever be a humanity without diversity. There are always two sides to an argument and there'll always be an argument, if there are two sides. So no, I don't think we as a species are enlightened enough to be able to get around the potential for misuse of anything in order to gain a benefit. Find an alternative to money and we may be on the way. Find an alternative to 'power' and we may be getting there. Only have one culture and we may have world peace. The sad fact is, money, power and culture are what drives us. The only thing that I can see that would cause humanity to pull on the same rope in the same direction and for the same objectives would be the introduction of a common enemy - whether that be a catastrophically devastating disease, invasion from off-world, or something else that threatens all of us equally. Without that motivation to work together, we have little hope of ever doing so. This may seem fatalistic and somewhat negative, perhaps even cynical, and I'm sorry about that. Truly.

pgit
pgit

I'm glad to see the general consensus is to NOT restrict availability of software. Just like guns: if you outlaw guns, only outlaws will have guns." The heavy-handed solution is near universally the worst in the long run, yet it's the first thing governments and corporations reach for in most instances. That leads me to believe the agenda is usually something quite different from the stated one.

Murfski-19971052791951115876031193613182
Murfski-19971052791951115876031193613182

You don't reinforce the windows -- you take out the guy who's breaking them. Until the human race becomes rational and civilized, we will be forced to defend ourselves against the barbarians, both external and home-grown. Eliminating the threat is always the best defense. Now all we need is the wisdom, intelligence, and perspicacity to determine where the threat lies....

Michael Kassner
Michael Kassner

I am fortunate to know lots of really smart people who are excited and more than willing to share their expertise.

Dr_Zinj
Dr_Zinj

Funny, but tools being used by hackers to detect vulnerabilities are being used in the manner for which they were intended; to find vulnerabilities. It is the responsibility of the companies, or "victims" to fix those vulnerabilities. If you find your system can't handle the load of a stress test, then I suggest it's you and your second (or third) rate system that's the problem, not the stressers. If you find people breaking into your house through your windows using a pry bar, you don't outlaw pry bars; you reinforce your window.

AnsuGisalas
AnsuGisalas

I think you have a well-rounded set of go-to experts, Michael. If one of them fails the test, that's OK. It's good to know what the opposition is thinking, after all. I've expressed elsewhere* that I do not believe Anonymous to be angels, but that the Establishment in opposition to them inspires even less faith in me. As such, I think it's a very good idea to resist the ideas of that opposition. If Anonymous can goad them into fielding their suggestions, and if the public can be mobilized to tear those suggestions apart - then, overall, we progress. Your question is also very useful. It is inevitable that the pro-control powers will suggest all sorts of back-doors and remotely triggered obsolescence devices. So it is very very useful to collect the testimonies in advance, that this will not work, that it is a hare-brained notion that cannot serve its stated purpose (but which can be abused for unstated purposes, oh yes). Thanks! * http://www.techrepublic.com/forum/discussions/102-374984-3592839

sboverie
sboverie

Color laser printers print a few tiny dots of yellow to help secret service to identify printers used to make counterfit money. One of your experts mentioned "finger printing" at the same time saying that it can be easily defeated. What might help is to embed the MAC address into certain tools that are being used to create distributed denial of service. When a legitimate app tool for checking security is used to attack, the attack would leave bits of information about the originating computer. I read about producers putting microchips in their oil so that if a shipment gets highjacked that the microchips could be used to prove who has the rights to trade the oil. This is a bit behind the idea of imbedding unique information that can be use to find the source of control. The microchip idea works fairly well with lost pets, the hitch is the type of microchip, whether the animal is registered in the owners name and also if the shelters have the time to check the chips.

Michael Kassner
Michael Kassner

You mention: "There is a massive disparity of force and work factor biased in favor of the attackers." Are you referring to how attackers only need one way in, whereas defenders have to protect all possible avenues?

blueberry606
blueberry606

Since the internet is the last final frontier, the wild west if I may, maybe its time to send in a new sherif. We founded the internet on the premise of the wild west, were everyone was free and allwowed to wonder about at will. Maybe its time to hand out everyone social security cards, or permanate I.D.'s to every man woman and child who gains access to the internet. Maybe we could set up check points so users would show their papers before proceeding. Maybe we could use bio metrics or DNA imprints into Mac addresses...Maybe we could implant RFID tags into everyone that could be read by bluetooth scanners on hardware that assecces the internet. Since internet accesss is not in the constitution we can regulate it anyway we want. Oh, but we are working towords all these measures, arent we? As with real weapons, shall we take the ability of the people to fight tyranny and injustice out of the hands of the people? Before you decide to only make the guns(software tools) available to a certain privlaged few, maybe you better ask why they are the only ones who should have access to them.

bob
bob

The last thing we in the security community need are more laws making a difficult job more difficult. It's bad enough that the DMCA prohibitions on "circumvention" are driving U.S. security research offshore. We have a problem in which there is a massive disparity of force and work factor biased in favor of the attackers. The software equivalent of "gun control" might stop a hobbyist but not a well-funded dedicated fraudster or attacker. @flhtc is right in that there are architectural problems that need to be addressed, but it will take a long time to do that. I was on a panel last year with someone who drew the analogy that "The Navy doesn't design a ship with the assumption that water will never get inside the hull." Right now there is almost no intentional design on continuing to operate in degraded modes in the face of compromises. Rather than spending time worrying whether someone will download a tool, those resources would better be spent on hardening our architectures and learning how to operate in a real world where systems get hacked and people have to continue to run a business.

durocshark
durocshark

Crime has been around since the beginning of civilization. Taking something at the expense of someone else isn't new. Destroying something that belongs to someone else isn't new. Only the tools have changed. In 100 years it'll be something else. Restricting access to tools that are used by criminals will not end crime. Take away a criminal's gun, he'll use a knife. Take away the knife, he'll use a stick. Take away the stick, he'll use a rock. Take away the rock, he'll use his bare hands. We should continue fighting the crime, and quit worrying about the tools.

CharlieSpencer
CharlieSpencer

Applications don't 'go rogue' on their own; users take them there.

flhtc
flhtc

Face it, most of the underlying "stuff" the Internet runs on has been around since it's inception. The internet was built by people with good, honest intentions. They had no idea people could suck so much. Fix the transports and protocols, fix the problems. Well, a lot of them anyway.

Michael Kassner
Michael Kassner

You pointed out as a few other members that it is a human nature issue. Are you at all optimistic that some day it will resolve into a solution?

DocPc58
DocPc58

To this close knit group getting into a site taking down a site manipulating software or even have P2P music and movie sites . It boils down to 2 things for them 1. is Supply and demand . As long as people want first run music and movies someone will always try and supply it . And 2 . To these guys its like a game we played as kids called King Of The Mountain who ever cracks a site or has the best is the King for that time untill another comes along . The same analogy applies to those who write malware and viruses ,

gclarkso
gclarkso

The real question is why? Why is it appealing to hurt your neighbor? Am "I" really more important then the next person? It all comes down to just because you can doesn't mean you should. I really don't like doing this, My religion is "my religion" and I don't like preaching but really, a "little white lie", a sin is a sin no matter what. Why do I drive 5 miles an hour over the speed limit? Why? why? why? All these little things add up. At what point am I willing to step out from behind all the little whit lies I use everyday. There is not much difference is there?

joshuaburke
joshuaburke

I think the issue here is the presence of tools vs. the presence of intent. A rock can be used to kill your neighbor or build a house. Regulation will never work because the issue is human nature. Especially in America we have this notion that bad things occur elsewhere and such things like DoS attacks surprise us. The tools are the tools. The "gun" analogy is apt. Regulation has largely failed to prevent crimes but in many cases has emboldened criminals who are now fairly certain that their victims are not reasonably armed. Intent is the key, intent cannot be regulated, only weighed. Software, code bugs, dev tools SDK's all fall within the same jurisdiction of intended use. At least in my way of thinking :-)

Snak
Snak

It can also be used for knocking people in. You are never going to change that. Ever.

jkameleon
jkameleon

>They believe that ???hacking is cool??? and they???re ???fighting the system.??? > If we can figure out a way to change the current social perception of hacking, we???ll have less of a problem with participatory botnets, DoS, and tools like LOIC. Yeah, there is a way: To change the current social perception of system. > To stick with your firearm analogy Bad analogy. Software is far easier to (re)produce than firearms. Regulating it in the same way as the firearms would require unacceptable level of intrusive surveillance.

clk536
clk536

I will start by saying that I am not a programmer, I am an artist. But sometimes someone can look at a situation from another angle and be of help. I was wondering if there could be a way of closing an app from any changes. In some programs you can lock the document from any changes. If something like this could be done for all the code in a program, to lock the code from changes, (like putting a sandwish in a zip-lock and closing it), and, IF someone was able to unlock and get inside to the program's code itself, there was a tracker mechanism that would show the IP address of the one who broke the program's locked barrier. The IP address would be similar to that ink inside a bag of money stolen from a Brink's truck or a bank, and the ink would show who the thief is. Perhaps what I am saying does not make sense or could not be done. But just thought I would offer up the idea for consideration.

Michael Kassner
Michael Kassner

I did not mention Dropbox in the article, can you explain what you mean. As a side note, I would completely lost without Dropbox.

Michael Kassner
Michael Kassner

That you are right and we have a long ways to go. I drift off to Star Trek and how they supposedly had it all figured out on Earth, but then they had to fight most of the galaxy.

AnsuGisalas
AnsuGisalas

Freedom of thought control leads to appreciation of diversity. Diversity is the source of inspiration, of innovation, of empathy. Those that would make us controllable try to makes us fear "the Other". Once we get over that fear, the "I vs the Other" fades into the benevolent "We". Diversity is not anathema to harmony, in fact, it is a prerequisite. B flat and B flat is not a harmony, you see.

Michael Kassner
Michael Kassner

I'm not sure it's fair that you leave your comment open-ended like that.

Michael Kassner
Michael Kassner

I guess I am not opposed to testing for vulnerabilities. It's what they do after they're found that hurts us.

Michael Kassner
Michael Kassner

I had not heard that about microchips in oil. That is something. I suppose they could be RFID and read as the oil flows through a pipe. Thanks for sharing.

Michael Kassner
Michael Kassner

I grew up on western movies and see many similarities. Life was a tad simpler then.

Michael Kassner
Michael Kassner

Do you consider the Internet and apps the same as your examples. Or can they be some how altered to change the outcome?

Michael Kassner
Michael Kassner

You sure have a way to simplify and say a great deal in a few words. Much appreciated.

Michael Kassner
Michael Kassner

I was at university at that time and working with some minuscule part of the expanded ARPA network connecting universities. And, you are right. Security was not a worry. Most times, just getting traffic through was quite a thrill.

Michael Kassner
Michael Kassner

I suspect you have sized up why this is and will continue to be a significant problem.

Michael Kassner
Michael Kassner

You mentioned, "intent cannot be regulated, only weighed." Can you go into what you mean by weighed a bit more. I am interested as to what you mean.

rm.squires
rm.squires

The human race seems to have the remarkable ability to change and society along with it. While this is more evident in more extreme situations, society generally changes at much slower paces, with the right guidance its can change for the better.

Michael Kassner
Michael Kassner

I've used the word never a few times and lived to regret it each time.

Michael Kassner
Michael Kassner

I'd be curious to learn more about changing the perception. I think my using firearms was more to raise awareness of a complicated problem.

joseph_mcmanus
joseph_mcmanus

We are all a little lazy (sometimes) and these guys are NO exception, IF the MAC address of the user who popped the lid on the software. The MAC address of the NIC they're using is unique to that NIC and while IP addresses can be dynamic MAC addresses are not and can be traced. If a black hat had to change their NIC each and every time they executed an exploit or communicated with the fellow conspirators they would either go broke in short order or they would help out the world economy by single-handedly keeping the likes of Cisco, Netgear, et-al in business, and as I said, we are all a little bit lazy, and if they don't change their hardware each and every time we will be able to track and catch them allot easier then trying to find them via their IP. Thought this might help. L8R

AnsuGisalas
AnsuGisalas

Good questions. Look at art. How hard is it to alter a piece of work? One made by another? It's probably not easy to do it non-destructively - but how about if you have skill and craftsmanship equal to or surpassing that of the creator? The bad guys do have the skills. They can reverse-engineer anything we've got, if there's enough money to be made from it. And bits and bytes are a lot more forgiving of the counterfeiter, the brush-strokes of the creator do not make it through the compiler.

HAL 9000
HAL 9000

IP Addresses have not proved very reliable in the past and are far more likely to be Spoofed or similar in the future particularly if the only Evidence Required is them. Not something I would want to see adopted by anyone let alone the Legal System which already has enough problems. We don't need to make things worse. As for Reengineering any Software it's not currently possible as even simple things like Dongels has been overcome for Copy Protection Purposes and that is by no means as necessarily Secure as some think it is. While I adamantly Disagree with the Concept, Intellectual Property Theft is currently controlled to some extent by the Legal System which sort of works to some sort of Degree. The reality however is that anything can be reduced to Source Code reengineered and do what you like if there is someone motivated enough to do it. It's not restricted to Computers or Programming it's a [b]Human Condition[/b] and there is currently no solution. Of course if we where to do away with the Artificial Concept of Money and Power the need to do things like Reengineering Software for different purposes to what it was intended for, for nefarious Actions wouldn't exist as there would be nothing to gain from it but I honestly can not conceive of something like that happening any time in this society. Many things are actually Improved or Created by altering Software and even M$ accepts this as they have made available Developer Editions of the Kinect Software to be altered and produce software that does things that they can not conceive of doing. ;) Col

Michael Kassner
Michael Kassner

You are providing information and ideas. That is what I had hoped for, particularly "outside the box" thinking.

Michael Kassner
Michael Kassner

I always admire your comments. This one has to be close to the best: "Diversity is not anathema to harmony, in fact, it is a prerequisite. B flat and B flat is not a harmony, you see.' Kudos

pgit
pgit

Take the discussion at hand, a useful app gets abused by a few black hats. Politicians get on their high horse and start clamoring for a "solution," it's for the children, if it'll save one life etc etc, it'd be worth shredding the constitution. The "obvious" answer is outlaw the software. So in order to do that, we need to force all ISPs to do deep packet inspection, and keep records on all their customer's usage, of course solely in order to look for telltale packets indicating the use of the outlaw software. Of course there's never any abuse of the measures put in place to "solve" a relatively minor problem. Trust us. We're NOT reading everyone's email now just because we can... Instead of plugging holes being targeted by the black hats, they throw a dragnet over everyone, 99.9999% of them totally innocent, but now devoid any privacy nevertheless. I would submit in the above scenario the excuse for getting unwarranted hands on literally everything is the real goal, stopping the abuse of one piece of software is not the goal, it's the cover story. Happens every last stinking time with government. Take drug testing. I was a corporate pilot in a past life, we were a relatively small group that would run into one another all over the country. One day at lunch in Ohio with 2 helicopter crews for 2 huge insurance companies (the ones with the tallest buildings named after them) the discussion of recent news ensued. Tom Brokaw had just released the narrative meme regarding "random drug testing" on the nightly news the night before: "What are you worried about if you have nothing to hide?" Being slightly more intelligent on average, our bunch was rather insulted by this. It's the exact opposite in a truly free society: you tolerate the few bad apples that slip through the cracks in order the 99.999% innocent population doesn't lose any liberty. The 2 helicopter crews had been shuffling execs in and out of the white house (Reagan) in discussions over this very issue. In the midst of discussion one chimed in (a woman btw) and said in almost a "you silly rabbit!" tone that we were all missing the real reason for the push for random testing: to have an excuse to collect everyone's DNA. They knew the public would go for shredding the constitution if it would "save just one life!!" Compare that to the same senators etc saying that voting for the Viet Nam War, the Gulf war etc etc, not to mention letting GMO foods pollute the chain... all manner of death and mayhem. But everyone is now guilty until proved innocent by peeing in a bottle because it might "save just one life!!!" Insulting, don't you think? This pilot said that within a few years they'd be able to identify all manner of potential diseases from urine, something an insurance company would kill to know... so, "pre-employment drug screening." What do you have to hide? At the time there were several diseases they could identify. One was a disease that a person wouldn't themselves have but they had a 50% chance of any children having this disease, one that doesn't kill, rather the patient needs massive care, day in day out, over what will be a long life. The cost for one patient is in the hundreds of millions. So... candidate A and candidate B applying for a job have perfectly equal qualifications. A has this marker for the potential disease, B does not. Who gets the job? This was told to me to my face by pilots flying execs who had been in on the meetings in the white house on this matter. There have since been laws passed preventing such blatant "genetic discrimination" but if you believe those laws are anything more than cover I have some ocean front property in Nebraska for sale. Every stinking last time, the bastards have a totally evil agenda behind what goes out for public consumption. Bill Gates' foundation just released a new way to sterilize men. Vaccines often do the same, to men and women. GMO foods sterilize mammals. Gates gave one of those "Ted" lectures where he put up an equation on the board to explain how to solve all the world's problems. He started off saying that "obviously" the easiest fix would be to drive this one factor down to zero... that factor was a number representing the human population of the earth. Eugenics is the name of the game. Those people aren't playing for marbles and jacks. Everything on it's surface is a lie. Outlawing software requires draconian means to "monitor" for it's illicit use. The draconian measures were the real goal all along. This same filter applies universally to everything governments and large corporations do, it'll serve you well to simply assume the exact opposite of what they say publicly is true. Believe me, once you know what I do it's hard to keep your mouth shut. I used to regularly bump into congress critters, cabinet members, "staff" of all kinds, and the real power in this country: banking and insurance executives. If you are among the pilot corp they assume your in on the game with them, they tell pilots things they'd never tell their spouses of children. They are running this country into the ground intentionally, have been for over 90 years now from the inside. (political reigns) The end game is near, witness the NDAA and this "enemy expatriation" crap. "In a time of universal deceit - telling the truth is a revolutionary act." So said Eric Blair aka George Orwell. The NDAA, John Warner Defense Reauthorization Act, the USA PATRIOT act... all targeted at those among us who will dare to tell the truth. But the "cover" has been little brown men in caves with box cutters... until very recently. The banksters did it. The totally unconstitutional "federal reserve act" in 1913 was the death blow to human liberty. Scroogle up "union bank." I was a friend of one of it's directors back when. Hope I haven't left any more open ends... :)

durocshark
durocshark

Tools are tools. A hammer is no different than a port scanner. Could we change things to protect the "innocent"? Sure, at the price of usability and privacy. Is that the price we want to pay? A crippled, restrictive, and intrusive internet? And it still wouldn't be 100% successful. Nothing can be. No, we need to see it for what it is. Criminal behavior, not criminal tools.

chadpendley
chadpendley

While America is a nice non-violent place (when compared to say Egypt, Africa, Syria, Iran, Iraq, etc.) it still has many hostile areas. How do you propose to change half a million people? And thats just here in America. What about those other areas that dont live like us? The utopian mentality kills me. I used to believe then I watched Nic Berg die the most gruesome death and thought long and hard about how anyone could change the mindset of those that killed him. I couldnt find a solution. They live and die by violence in that part of the world. It would take hundreds if not thousands of years to change, if it could at all. The mindset is very deeply seated (violence). Not sure what cave your living in but the human race in the middle east doesnt want to change. Change can only happen when a majority wants that change. Otherwise your wasting life time. Which leads to the issue - do most of the folks really want change?

jkameleon
jkameleon

Throwing a couple of Corzine- like people in jail usually helps. If they are too high above the law, tarring and feathering seems to be the next best alternative. I don't know about LOIC etc, but restoring the trust into the system would surely lower the number of participatory bots participants. Firearms and ammo are fairly easy to regulate because ammunition is not easily produced. Necessary chemicals are difficult to obtain, and dangerous to handle. With computer & software development toos, this is obviously not the case. Any restrictions in this area would be like infamous Ceaucescu's typewriter regulation.

clk536
clk536

And greetings to you as well! Your comments are very valid, regarding the comparison between altering a piece of artwork v.s. altering software. There is just more anonymity with altering software. That is the reason I was also talking about the thief being painted with paint who opens the stolen bag of money. I was hoping there was a way to do that digitally. That would pinpoint who the people are, who are doing the software altering.

Michael Kassner
Michael Kassner

Would the switch to IPv6, where everything has its own IP addr change anything?

clk536
clk536

Thank you, Michael, for your kind words.

AnsuGisalas
AnsuGisalas

On top of those very valid points, reverse engineering the tool, sans limitations, is easy. And the criminal powers active on the net have both the manpower and the budget for it. Limiting security testing tools is like saying that the border patrols should be issued rifles with shortened barrels as a gesture of peaceful intentions (it has happened!), all it means is that a would-be aggressor can be confident in superiority of arms, since the lawful users only have the limited apps.

clk536
clk536

People change when they either want to change, or, if they have no other choice but to change. Best case would be to think of a way to make them want to change.

rm.squires
rm.squires

Thanks AnsuGisalas. just think serveral hundred year ago we were just like them building armies fighting each other etc. And yet here we are controlling our violent impulse (to some degree) or finding some other means of venting those feelings than just simply kicking someone ass.

AnsuGisalas
AnsuGisalas

They do want to change. The fascist military regimes that oppress them (whether state, occupiers or tribal structures) are the ones propagating violence, and the ones resisting change. Your failure to see a way, concerning the Nick Berg incident, is exactly that. Your failure. You let yourself lose sight of the humans, focusing only on the beasts. Then, failure complete, you let the humans be represented by, and obscured by the beasts. Humans are not beasts. Even though we wear the same skin, we are not the same. Never forget it, or you'll be one of them, soon enough. After all, it is by obscuring the humans behind the beasts that the military regimes succeed in propagating the violence. Only a fool would believe that "All Americans are the Devil" - yes - only a fool just like yourself - who loses track of humanity in the face of inhumanity. Nothing personal.

AnsuGisalas
AnsuGisalas

don't allow the public to possess weapon-grade bits :D ;)