I was interested last week to read in The Register about TippingPoint’s success in reverse engineering the executable behind the Kraken botnet, enabling them to build a fake server that identified 25,000 infected machines. That left them with a dilemma: Should they fix the infected machines or not? They decided not to.
That was the right decision. Two wrongs don’t make a right. No matter how helpful it might have seemed to intervene, it would have been unethical, illegal and a potential liability. Untested changes always present a degree of risk. You can never be sure what might result. And it’s the thin end of the wedge. Where might such a precedent lead?