Re: Support the Sasser-author fund started

[Tobias Weisserth <tobias () weisserth de>]

Hi harry,

On Thu, 2004-05-13 at 14:33, harry wrote:
> Tobias Weisserth wrote:
> <snip>
> > I find your "explanation" why this author of a virus should be treated
> > any different than other authors somehow illogical. The Sasser author
> > has done nothing to foster security. So there is really no need for the
> > security scene to support him.
>
> there is one other thing...
>
> he is correct when he says that Microsoft will say it's completely the 
> worm writer's fault.

It IS completely the author's fault. HE wrote it, HE caused the damages
and HE violated German law. As much as MS products suck, MS has done
nothing illegal.

> BUT i think Microsoft should be punished too for 
> having so many security holes. they had to patch it faster.

A patch to this problem has been available for at least two weeks prior
to the release of the worm. So what's your boundary when you speak of
"earlier"? A month? A year? Should the exploitation of a bug be legal if
the vendor doesn't offer a patch in time?! That's the direction you're
pushing here.

> who's fault is it really when you buy a door, you lock it, but a burglar 
> finds a way to easily open it, comes in and tells you...

Nobody asked the "burglar" to do this. He broke law. He caused damages.
And he certainly didn't improve your security by doing so when the door
vendor already offered a patch for your door two weeks ago.

There's just no way you can justify the action of this idiot by blaming
MS.

I say this idiot has to be punished and punished to the full extend law
allows. Maybe this deters other idiots to do the same.

Tobias W.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html