Easy, easy! Witch hunts have rarely done any good. :-))

What I mean by this is there are probably legitimate uses even if we don't see them right away. I remember that I wanted to write my own telnet client when I started learning Perl a few years ago to add some extra functionality for my personal use (didnīt succeed, though, cause I used a all-but-clever approach :-/, and I never resumed the project). Or I might be interested to write one so I understand the inner workings. There is no reason why I shouldnīt write my own clients, servers and wrappers.

The example jjhorner stated is, of course, a real scenario, but I'd like to add that the first stone should be thrown at the sysadmin of that box that allows anonymous users to install executables (even in their local directory). The minimum he/she should do is to give them a restricted shell.

Another point is that security by obscurity alone will not work. There are also no such thing as a good or a evil tool. It always depends on how you use them. E.g. while I use SAINT to check my boxes for security holes every once in a while another guy uses them to find the holes and break into a computer.

It is my personal believe that publishing security exploits enhances security on the long run as it doesnīt give cracker circles an advantage of knowledge. I remember a post some days ago when a monk pointed out that you should never accept unchecked input from a user (e.g. path names) and was prompted by the original author "any security exploits?"! You see, the holes are out there, the bad boys know them, so spread the word on how itīs done and how to prevent it.

Just my two cents. Feel free to comment on this in public or private (see my home node for the email address).

Andreas