Full Disclosure mailing list archives
Re: If Lycos can attack spammer sites, can we all start doing it?
From: "Jason Coombs" <jasonc () science org>
Date: Thu, 2 Dec 2004 17:54:57 +0000 GMT
Are we forgetting that there is no such thing as software product liability? Look at the EULA for the Lycos screen saver. Even without explicit language in the EULA, Lycos is just a software maker in this case. It is the end user who is guilty of an abusive attack -- if anyone is. The rate limit per client is set to prevent a single client from crossing the attack threshold, so this could be the first test of product liability for the intentional creation of zombie armies. Microsoft, Symantec, and other vendors of products that auto-update have been in control of zombie armies for many years, with periodic DoS of the zombies, but as of yet no known external impact. Lycos is the first, and they are pioneering an odd precedent. More proof that the nature of capitalism is that anything that can be done that might be profitable eventually will be done. This does not bode well for nanotechnology and genetic engineering. Jason Coombs jasonc () science org -----Original Message----- From: Kyle Maxwell <krmaxwell () gmail com> Date: Thu, 2 Dec 2004 08:48:18 To:n3td3v <xploitable () gmail com> Cc:full-disclosure () lists netsys com Subject: Re: [Full-disclosure] If Lycos can attack spammer sites, can we all start doing it? On Thu, 2 Dec 2004 03:47:06 +0000, n3td3v <xploitable () gmail com> wrote:
Thought: Hey, thanks for the insight. I can't see Lycos introducing the screensaver without talking with legal teams first, so surely we can presume everything is legal and above board?! Otherwise, why would Lycos want to put themselves in a legal tangle? Unless they weighed up the legal costs against the profit they would make from the PR stunt, from which all I can see, is all this whole thing appears to be.
It's entirely possible that their lawyers cleared it but that doesn't necessarily make it really above board; if lawyers always agreed on what was allowed, we wouldn't have so many corporate lawsuits. :) They may be standing on the principle of "these are just a bunch of website visits" without taking into account the fact that there's a stated intent beyond just visiting the sites. This is probably going to get a lot messier for Lycos before it's all over. -- Kyle Maxwell [krmaxwell () gmail com] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: If Lycos can attack spammer sites, can we all start doing it?, (continued)
- RE: If Lycos can attack spammer sites, can we all start doing it? J.A. Terranson (Dec 05)
- RE: If Lycos can attack spammer sites, can we all start doing it? Michael R. Schmidt (Dec 05)
- RE: If Lycos can attack spammer sites, can we all start doing it? J.A. Terranson (Dec 05)
- Message not available
- Fwd: Re: If Lycos can attack spammer sites, can we all start doing it? Stephen Hunt (Dec 05)
- Re: If Lycos can attack spammer sites, can we all start doing it? bkfsec (Dec 06)
- RE: If Lycos can attack spammer sites, can we all start doing it? Dave D. Cawley (Dec 06)
- Re: If Lycos can attack spammer sites, can we all start doing it? Gregoire Seither (Dec 06)
- Re: If Lycos can attack spammer sites, can we all start doing it? Valdis . Kletnieks (Dec 06)
- Re: If Lycos can attack spammer sites, can we all start doing it? J.A. Terranson (Dec 02)
- Re: If Lycos can attack spammer sites, can we all start doing it? Vincent Archer (Dec 03)