Full Disclosure mailing list archives

Re: Could n3td3v win a Pwnie award?


From: "G. D. Fuego" <gdfuego () gmail com>
Date: Sat, 26 Apr 2008 09:13:14 -0400

On Fri, Apr 25, 2008 at 10:48 PM, n3td3v <xploitable () gmail com> wrote:


> David, your research was responsible for the SQL Slammer Worm... but
> that makes you elite doesn't it, not a black hat.
>
> No wonder the UK security service is interested in you, but I wouldn't
> call it an achievement, that calls you irresponsible in my view.


David is responsible for the Slammer worm because he discovered the
vulnerability that it used?

Personally I would have placed the blame on either Microsoft's bad
development processes which allowed these types of bugs to be released
undiscovered.  In fact, after Slammer and Code Red worms, Microsoft
implemented a Security Development Lifecycle in order to prevent these types
of bugs going forward.

Or perhaps place the blame on Systems administrators who installed Microsoft
SQL server exposed to the Internet on so many systems, and failed to patch
them in the 6 months after the vulnerability was discovered.

Or perhaps blame the worm writer who turned a vulnerability into code that
made such a large impact on the net.

In fact, if Security Researchers are to blame for any bad uses of the
vulnerabilities they discovered then what are you doing here?  Why should
ANYONE want to take part in your vulnerability notification day if you
believe that the UK Security Service should be tracking these people?
Considering you claim to be so close to them, wouldn't that just be
registering with that agency?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/