Company Ethics

wexsmith

In order to prove to companies how vulnerable their computers are, our team wrote a computer virus in under 48 hours that destroys the information on the SPD chip. So, if any customer wants proof that a virus like this can completely disable their computers that do not have write-protected RAM modules, we can show them in less than a minute.

This information isn't exactly public yet, so I'm not going to disclose the name of the company.

All I'm wondering is what are some opinions on this? Personally, I think it's a shady business practice...
 

Lonyo

Err, no.
If they write something that exploits an issue, it means they know how to exploit it. If you know what people CAN do, you can then work out how best to STOP them doing it.
How else do you find security holes in things?
Someone has to find these exploits, better it be the companies themselves, so they can then protect us from it.
Sure, they are using it to sell their product, but how else are they going to show the risks? Is it unethical to crash test a car to show how safe it is/isn't and use that to sell the car (e.g. 5* rating on crash tests)?
 

DaveSimmons

What will be unethical is when they publish working exploit code, usable by script kiddies who would never have been able to code it themselves.
 

oogabooga

on one hand it's shady 'cause it's them trying to sell their product through means that probably aren't most likely.
on the other hand: it can be an informational tool to genuinely convince people and show that there is a real need.

this seems like the stuff on the first hand, and not the second. While this kind of stuff isn't bad per se, it can definitely be abused.
 

n0cmonkey

Originally posted by: DaveSimmons
What will be unethical is when they publish working exploit code, usable by script kiddies who would never have been able to code it themselves.

You mean making it useful to people that can implement fixes? Yeah, that sounds unethical. :roll:
 

wexsmith

Sounds fair. The company obviously isn't going to release the code to the public.

In my mind I was thinking more along the lines of, "I'm going to test to see if you're wearing a bulletproof vest by shooting you." The crash a car comparison makes more sense since they're trying to make the computer world a safer place.
 

FishTankX

Does anyone find this incredibly disturbing? They're talking about viruses that can destroy ram modules, by overwriting the information that tells the BIOS what kind of RAM it is. Have viruses extended to hardware?
 

DaveSimmons

Originally posted by: n0cmonkey
Originally posted by: DaveSimmons
What will be unethical is when they publish working exploit code, usable by script kiddies who would never have been able to code it themselves.

You mean making it useful to people that can implement fixes? Yeah, that sounds unethical. :roll:

They could offer to show the code to any legit companies creating fixes, without publishing usable exploit code for everyone and anyone to see.
 

wexsmith

Originally posted by: FishTankX
Does anyone find this incredibly disturbing? They're talking about viruses that can destroy ram modules, by overwriting the information that tells the BIOS what kind of RAM it is. Have viruses extended to hardware?

I wouldn't worry about it too much. It only affects non write-protected SPD modules. Although, from recent studies led by my company we've come to the conclusion that about 63% of all RAM modules are left unprotected. Then again...I wasn't part of the study and have no idea how they came up with that number myself.

Just remember this. There isn't much to gain from a hardware virus, other than destruction. It wouldn't affect all the people who own a computer. Most big businesses would likely be unaffected. Your computer would be fine until you restarted if the SPD info was wiped.
 

TankGuys

That's a good question you bring up.

It's an obviously bad thing if the company creates the virus, releases it on the world, and then demands money to fix it. That's rather mad-scientist, comic-book-villain-like.

On the other hand, if you create a virus like this to demonstrate a flaw, so that people will become more conscious of it and fix it, that's perhaps a little different. I think it ultimately falls into that "grey" area where it's difficult for anyone to decisively determine if it is completely ethical or not.

 

imported_Dimicron

If someone released this virus and your PC got infected, and if you are overclocking your system, or at least have all the RAM Timings/CAS/MHz speed/et al, configured manually, would this virus still affect your system?
 

n0cmonkey

Originally posted by: DaveSimmons
Originally posted by: n0cmonkey
Originally posted by: DaveSimmons
What will be unethical is when they publish working exploit code, usable by script kiddies who would never have been able to code it themselves.

You mean making it useful to people that can implement fixes? Yeah, that sounds unethical. :roll:

They could offer to show the code to any legit companies creating fixes, without publishing usable exploit code for everyone and anyone to see.

What about Linux companies? Or other open source groups? We'll see the fixes and be able to create an exploit based on those. It happens all the time. Hiding exploit code changes exactly... NOTHING.

EDIT: That's assuming it is a software issue. If it's a hardware issue it might be different, but I see no reason to hide anything from the public.
 

wexsmith

Originally posted by: Dimicron
If someone released this virus and your PC got infected, and if you are overclocking your system, or at least have all the RAM Timings/CAS/MHz speed/et al, configured manually, would this virus still affect your system?

Yes. It directly affects the modules themselves. Your computer would run just fine while infected, until you rebooted. At that time your computer would fail to read the SPD information on the modules and fail to boot.

EDIT:

Just to be completely clear. This is entirely a hardware issue. Some companies do not short PIN-7 on their modules or use write-once EEPROMs. This practice leads to unprotected modules that could be affected by an SPD altering virus.
 

Zepper

We had Chernobyl a long time ago that could wipe flash BIOS chips - so what's new??? Most of the new baddies are written to take over computers to use for nefarious purposes. Of what use is a dead computer?

.bh.