This server gets a fair bit of traffic from Code Red infected machines. I am sorely tempted to make a default.ida script which responds to the attempt by connecting to the source machine, and using the Code Red exploit to force it to repair itself. However, being in America, I'm aware that to do so would be to break the (stupid) law.
Two ideas to avoid the (stupid) law have been discussed around here. Firstly, one could put some sort of text on index.html disclaiming in some way - offering it as a service. That way it would no longer be unauthorised access to a computer system, and hence no longer illegal.
The second idea is more of a joke - encrypting the active part of the repair code so that the destination machine decrypts it before running it. Then, when your beneficiary tries to sue you for repairing their machine without authorisation, you could countersue for them having broken your encryption without authorisation, under the DMCA.
[11:30]
|