[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

To: "Kyle Maxwell" <krmaxwell@xxxxxxxxx>
To: "n3td3v" <xploitable@xxxxxxxxx>
Subject: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
From: "Jason Coombs" <jasonc@xxxxxxxxxxx>
Date: Thu, 2 Dec 2004 17:54:57 +0000 GMT

Are we forgetting that there is no such thing as software product liability?

Look at the EULA for the Lycos screen saver.

Even without explicit language in the EULA, Lycos is just a software maker in 
this case. It is the end user who is guilty of an abusive attack -- if anyone 
is. The rate limit per client is set to prevent a single client from crossing 
the attack threshold, so this could be the first test of product liability for 
the intentional creation of zombie armies.

Microsoft, Symantec, and other vendors of products that auto-update have been 
in control of zombie armies for many years, with periodic DoS of the zombies, 
but as of yet no known external impact. Lycos is the first, and they are 
pioneering an odd precedent.

More proof that the nature of capitalism is that anything that can be done that 
might be profitable eventually will be done. This does not bode well for 
nanotechnology and genetic engineering.

Jason Coombs
jasonc@xxxxxxxxxxx

-----Original Message-----
From: Kyle Maxwell <krmaxwell@xxxxxxxxx>
Date: Thu, 2 Dec 2004 08:48:18 
To:n3td3v <xploitable@xxxxxxxxx>
Cc:full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all 
start doing it?

On Thu, 2 Dec 2004 03:47:06 +0000, n3td3v <xploitable@xxxxxxxxx> wrote:
> Thought:
> Hey, thanks for the insight. I can't see Lycos introducing the
> screensaver without talking with legal teams first, so surely we can
> presume everything is legal and above board?! Otherwise, why would
> Lycos want to put themselves in a legal tangle? Unless they weighed up
> the legal costs against the profit they would make from the PR stunt,
> from which all I can see, is all this whole thing appears to be.

It's entirely possible that their lawyers cleared it but that doesn't
necessarily make it really above board; if lawyers always agreed on
what was allowed, we wouldn't have so many corporate lawsuits. :) They
may be standing on the principle of "these are just a bunch of website
visits" without taking into account the fact that there's a stated
intent beyond just visiting the sites.

This is probably going to get a lot messier for Lycos before it's all over.

-- 
Kyle Maxwell
[krmaxwell@xxxxxxxxx]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
  - From: Vincent Archer

Prev by Date: Re: [Full-Disclosure] RE: Isecom.org ideahamster.org and the hackerhighschool.org
Next by Date: Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #2093 - 36 msgs
Previous by thread: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
Next by thread: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
Index(es):
- Date
- Thread