Full Disclosure mailing list archives

Re: Scandal: IT Security firm hires the author of Sasser worm

From: Ali Campbell <fdisclosure () alicampbell org uk>
Date: Mon, 20 Sep 2004 20:04:12 +0100

Bart.Lansing () kohls com wrote:

Face it, people who can break security are valuable tothose trying to create it.

I would agree with you if this guy had discovered the LSASSvulnerability himself. But if I remember correctly, it was discovered bythose clever people at eeye. Now I don't consider myself to be theultimate coder - the minutae of the Linux do_brk exploit, for example,went way over my head - but I reckon I could have written Sasser giventhe details of the vulnerability. Writing a worm for a known exploitisn't rocket science.

So yes, I think this is a slap in the face to decent, law abidingprogrammers everywhere, particularly those who don't have a job.


Ali

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Scandal: IT Security firm hires the author of Sasser worm, (continued)
- - RE: Scandal: IT Security firm hires the author of Sasser worm Michael Simpson (Sep 20)
  - Re: Scandal: IT Security firm hires the author of Sasser worm Samir Kelekar (Sep 20)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Fred Newtz (Sep 20)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Paul Schmehl (Sep 20)
    - Re: Scandal: IT Security firm hires the author of Sasser worm Jack Repenning (Sep 20)
  - Re: Scandal: IT Security firm hires the author of Sasser worm ASB (Sep 20)
  - Re: Scandal: IT Security firm hires the author of Sasser worm Jim Race (Sep 21)
- RE: Scandal: IT Security firm hires the author of Sasser worm Todd Towles (Sep 20)
  - Re: Scandal: IT Security firm hires the author of Sasser worm KF_lists (Sep 20)
  - RE: Scandal: IT Security firm hires the author of Sasser worm Bart . Lansing (Sep 20)
    - Re: Scandal: IT Security firm hires the author of Sasser worm Ali Campbell (Sep 20)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Harlan Carvey (Sep 20)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Larry Seltzer (Sep 20)
    - Re: Scandal: IT Security firm hires the author of Sasser worm Barry Fitzgerald (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Larry Seltzer (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Henrik Persson (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm ktabic (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Harlan Carvey (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm ktabic (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm jamie fisher (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm ph0enix (Sep 21)

(Thread continues...)