Vulnerability Development mailing list archives

Re: What to do with a vulnerability?


From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 23 Jan 2003 14:57:30 -0800

Jason Coombs wrote:
Viral vs. non-viral is an unimportant distinction -- if you choose to engage
in this business, be sure you can document your good intentions and your
legal forensic procedures because they are your only legal defense against
prosecution.

Persecution, on the other hand, is a given.

Oh, I dunno. I think it would be a lot harder to make a case for innocent intentions if the code were written in viral/worm form. In this instance, what *appears* to be under discussion is a technique for process hiding. That's not even an exploit per se. On the whole spectrum of programs that someone might take offense to, that's not too bad. I think that the question of viruses and worms came up only because the person who made the discovery assumes that malicious code would be the main consumer of such a technique.

I wish I could simply roll my eyes at your statement that releasing an exploit or technique might make one an accessory to a crime, but sadly I fear your concern now has a basis, and I can't dismiss it outright anymore.

                                                BB

