Full Disclosure mailing list archives
Re: Support the Sasser-author fund started
From: Tobias Weisserth <tobias () weisserth de>
Date: Fri, 14 May 2004 19:12:08 +0200
On Fri, 2004-05-14 at 17:23, Konstantin Gavrilenko wrote:
Tobias, following your logic, the people who found and disclosed the vulnerability that Sasser was abusing should be prosecuted together with the author of the viral code.
Why is that? Did they break German law? Are they responsible by their actions that third parties sustained damages? Did *they* attack by direct or indirect means the systems of third parties? The answer is no. Releasing an advisory in full-disclosure manner is something totally different than writing a virus and spreading it. Say, why do I have to explain these things anyway?! Do you guys have no moral perception at all?!
What is the next stage? Jalining people who write "proof of concept" exploit code?
If a "proof of concept" exploit is released and it illegally manipulates data on third party computers, spreads autonomously and "proves an exploit" against the permission of third parties on their systems, this is an illegal activity and as such should be prosecuted and prosecuted hard.
Punish Fyodor for writing nmap or maybe prosecute the nessus team?
Now you're being irrational. Comparing Sasser to nmap or nessus is a bit far fetched, won't you say? And don't tell me there is no sharp boundary between those two, because nobody ain't going to believe it.
If the guy wrote the code and intentionally released the worm and infected half of the Internet then he is guilty,
He already confessed that at the instant the police searched his house.
but that remains to be proven.
The police has already confiscated and verified that he is the author of Sasser. The police is also investigating leads that friends helped him spread the virus.
Nobody has cancelled the presumtion of innocence yet!
Well, a made confession isn't exactly a very strong presumption of innocence, is it?
My personal opinion is that more blame should be put on M$.
The company is called Microsoft or MS in short. Why don't you use its proper name? And why should blame be put on MS when they released a patch and advised their customers to install the patch two weeks prior to the release of Sasser? There is no law against bad code or bad products but there is law against the abuse and sabotage of computers. Let me get this right for you again: the Sasser author is the bad guy here. He is the reason I have to stay informed about bugs because *he* is exploiting them and not MS. MS doesn't break my computer, it's him and his creation Sasser (Actually this is somehow wrong because I don't have a MS system anymore, but the point is still the same).
But where would the security industry be if not for Microsoft's products :)
Did you know that the Sasser author's mother runs a little IT consultant company? Now you can talk about self-interest... Tobias _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Support the Sasser-author fund started, (continued)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
- Re: Support the Sasser-author fund started harry (May 13)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
- Re[2]: Support the Sasser-author fund started Thierry (May 13)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 13)
- Re: Support the Sasser-author fund started Georgi Guninski (May 13)
- Re: Support the Sasser-author fund started Mister Coffee (May 13)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 13)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
- Re: Support the Sasser-author fund started harry (May 13)
- Re: Support the Sasser-author fund started Konstantin Gavrilenko (May 14)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 14)
- Re: Support the Sasser-author fund started Georgi Guninski (May 15)
- Re: Support the Sasser-author fund started Shane C. Hage (May 15)
- Re: Support the Sasser-author fund started Mike Roetto (May 15)
- Re: Support the Sasser-author fund started James Bliss (May 15)
- Re: Support the Sasser-author fund started Ron DuFresne (May 16)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
- Re: Support the Sasser-author fund started fd (May 16)
- Re: Support the Sasser-author fund started Seth Alan Woolley (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 16)
- Re: Support the Sasser-author fund started Georgi Guninski (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 17)