When Security Exploits Have Exploits
from the piling-on dept
We've talked in the past about how security software sometimes needs security software itself -- but what about security exploits? A popular scam these days among some script kiddies is to lock up important data on someone's computer unless they pay an extortion fee to release the data. Of course, it should come as no surprise that these exploits have exploits of their own... as one security firm discovered this week, releasing the universal password that will unlock your data should you happen to get caught by one of these scams. Apparently, all you need to know is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw. Of course, it's not surprising to find out the a script kiddie scam has exploits, but it does suggest a different kind of race for some security companies. Instead of just focusing on patches, look for ways to break the scam software itself.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
The script kiddies could sue the security firm for this!
[ link to this | view in chronology ]
Re:
With that in mind, it will probably happen. Because we’re full of sue-happy idiots here in America.
[ link to this | view in chronology ]
Re: Re:
While someone could file a lawsuit for this (and thus, you could say someone was sued for stopping their illegal activity), the case would undoubtedly be dismissed the second the presiding judged stopped laughing himself out of his seat.
[ link to this | view in chronology ]
DMCA
[ link to this | view in chronology ]
Re: DMCA
No. According to the dirty hands doctrine, certain aspects of the criminal and civil laws do not apply to persons engaged in criminal activities.
As an example, even if you sign a contract with a prostitute that says you pay her in advance for 12 'sessions' and she refuses to provide any services, you cannot sue her for breach of contract or for fraud. (Assuming this happens in the 99% of the USA that prohibits prostitution.)
While I haven't heard of a DMCA case being dismissed or lost because of the dirty hands docrtine so far, I can pretty much guarantee that someone who commits several federal felonies will run afoul of it.
[ link to this | view in chronology ]
Lovin It
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
who knows what would happen if they found your collection of bear traps, all armed and ready..;)
[ link to this | view in chronology ]
Re:
The neighbor's act was illegal, but for the greater good. It's an argument of justice versus ethics.
A security guard hitting a bank robber is well within his legal rights, and it's *mostly* ethical (it's his job and what general society expects him to do). To me, reverse engineering software (even malware) is not within anyone's legal rights, even though it may be considered ethical.
In my opinion, justice should always win.
[ link to this | view in chronology ]
Ransomware...
"Maybe it’s a good thing, but in the long run, I don’t see how “ransomware” could really make it in the long run. If people are going to find work arounds to software from companies like Microsoft and Adobe with billions of dollars invested in anti-pirating efforts, I doubt even the best “ransomware” virus would last before someone cracked it."
http://gen.newrandom.com
[ link to this | view in chronology ]
Messed up legal system? YES
The right to sue - Priceless
who wants to guess how long it is before Techdirt is reporting the story of the ransomware creators suing under the DCMA?
I say 120 days...
[ link to this | view in chronology ]
suing burglers
A man was on the roof of a school in California (25+ yrs ago), in the progress of committing burglery. The roof's access ladders were protected by "Authorized personnel only" signs. He tripped over, and fell through, a skylight in the dark, landing in the building below - breaking his back. He sued, saying that the school district should have placed warning signs to alert persons on the roof to the presence of the skylight. Not only did he win, but his case went all the way to the Supreme Court, AND WAS UPHELD!!
[ link to this | view in chronology ]
Re: suing burglers
[ link to this | view in chronology ]
Judges
[ link to this | view in chronology ]
All I know is...
[ link to this | view in chronology ]
Re: All I know is...
[ link to this | view in chronology ]
Oh Really
[ link to this | view in chronology ]
Interesting
[ link to this | view in chronology ]
[ link to this | view in chronology ]