The Virus Writer And WiFi
from the and-now-what? dept
Security Focus, which tends to run some great articles, seems to have gotten the WiFi-fear bug all of a sudden. They've written a column, officially called Catching a Virus Writer, which actually just rehashes the fact that a virus writer today just needs to go out, connect to an open WiFi router, release a virus and walk out - and says they will never be caught. This isn't new. People have been talking about it for ages. However, instead of just dredging up the same old argument about what happens when anyone can access WiFi and making people more afraid than they need to be, wouldn't it have been a bit smarter to then take it a step further? The fact that there are open WiFi networks is a fact. It's also not going to change any time soon. The folks who want to remain anonymous for things like virus writing certainly know this - and will continue to take advantage of it. Instead of just getting all worked up about it, how about pointing out the fact that this is why law enforcement needs to learn better methods for tracking down virus writers - and shouldn't just rely on trying to track down where it was released. In fact, at this point, it's unlikely that most attempts to track down viruses bother to look at the technical details of where it was released, because it's likely to be a zombie machine somewhere. Instead, they look for other clues that lead to the culprit - just like normal detectives. Sure, it's completely true that WiFi is open and anyone can access them. The same is true of any retail store's front door. Someone could walk into one of those doors without having to give out their name, steal something and walk out again. Yet, we know this is true, and people tend not to freak out about open doors that don't require identification. They realize they're there for a purpose. Instead, they work on other methods of tracking down people who steal stuff. So, instead of writing up a fear-mongering report about virus writers using WiFi (and actually calling it "how to catch a virus writer"), why not write up a story about methods that really can be used to track down virus writers, such as looking for patterns in the virus that indicate an author or getting his (or her) friends to squeal - just like with regular criminals.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Is *writing* a virus a crime?
I've discovered vulnerabilities, and (prior to recent changes in the law) I've written exploit code, and even published exploits ("Proof of Concept" functional but not self-propagating code) to public mailing lists.
However, I've never launched an exploit against a server other than my own server or isolated willing test targets.
If we assume the crime is in launching the attack, then open WiFi is a serious problem, as it provides the criminal with an anonymous untraceable conduit to commit crimes.
Given that we cannot make the attacks impossible, the alternatives seem to be to:
[ link to this | view in thread ]