Full Disclosure mailing list archives

RE: Scandal: IT Security firm hires the author of Sasser worm

From: "Nick Jacobsen" <nick () ethicsdesign com>
Date: Mon, 20 Sep 2004 08:30:59 -0700

I am not disagreeing with that at all - I wholeheartedly agree in fact.  The point of my little rant was that we are 
being told that the easiest way to make the big bucks is to attack a high profile target, which is a dangerous path to 
take - for both the IT industry and the individual.

        -----Original Message----- 
        From: Todd Towles [mailto:toddtowles () brookshires com] 
        Sent: Mon 9/20/2004 8:08 AM 
        To: Nick Jacobsen 
        Cc: 
        Subject: RE: [Full-disclosure] Scandal: IT Security firm hires the author of Sasser worm
        
        

        I agree it is a bad trend, but security is a double edged sword.
        
        Security people are rare in this world, some are good at protection,
        some are good at breaking. But the line between is grey.
        Sometime it is good to have a little of both on your team from a
        security standpoint but project a bad social image.
        
        -----Original Message-----
        From: full-disclosure-admin () lists netsys com
        [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Nick
        Jacobsen
        Sent: Monday, September 20, 2004 9:11 AM
        To: full-disclosure () lists netsys com
        Subject: RE: [Full-disclosure] Scandal: IT Security firm hires the
        author of Sasser worm
        
        Does it not strike anyone that there is a disturbing trend in malicious
        hackers (yes, yes, I know, they are not hackers if they are malicious,
        so call em whatever you want) getting hired to security firms, mainly
        because the "hacker" gets media attention?  It is honestly like we are
        declaring to the world that the best way to get a good paying job in the
        computer security field is to perform some major attack - and get caught
        for it - and then after serving a short sentace, start applying for
        jobs.  I know lots of young people, myself included, that could make
        headlines by performing some act or another of a sensational nature, and
        all that stops us is our own sense of ethics - but those ethics get
        harder and harder to hold as we earn a pittance doing your standard
        boring days work, while some other guy is out there essentially (in my
        mind) having fun doing some detrimental to society, and then getting
        hired at a substantial salary, as a reward.
        This may sound like a rant, and it probably is, but that makes my point
        no less accurate.
        Responses anyone?
        
        Nick Jacobsen
        nick () ethicsdesign com
        
        
                -----Original Message-----
                From: full-disclosure-admin () lists netsys com on behalf of bb
                Sent: Mon 9/20/2004 3:32 AM
                To: Feher Tamas; full-disclosure () lists netsys com
                Cc:
                Subject: Re: [Full-disclosure] Scandal: IT Security firm hires
        the author of Sasser worm
               
               
        
                If he has fulfilled all the obligation of his sentence, whats
        wrong with him
                being allowed to seek gainful employment that plays to his
        skills?
               
                Second chance anyone? Being allowed to learn from his mistakes?
               
               
                ----- Original Message -----
                From: "Feher Tamas" <etomcat () freemail hu>
                To: <full-disclosure () lists netsys com>
                Sent: Monday, September 20, 2004 10:21 AM
                Subject: [Full-disclosure] Scandal: IT Security firm hires the
        author of
                Sasser worm
               
               
                > Hello,
                >
                > The german IT security company "Securepoint" has hired Sven
                > Jaschan, who wrote and spread the Sasser Internet worm,
                > which caused widespread and costly damages to legions of
                > Windows computers.
                >
                > He will work as a developer for security softwares such as
                > firewalls.
                >
                > This is a scandal! Whether or not you like the 250k USD
                > head-hunting bounty which Microsoft Corp. paid to have Mr.
                > Jaschan nailed, he is still a criminal.  Hiring him is a
                > taboo. It is totally unacceptable to picture him as a modern
                > age Robin Hood or freedom fighter. He is a criminal, similar
                > to an arsonist, who sets a house alight and the fire spreads
                > to an entire city.
                >
                > I urge all to boycott the Securepoint and I urge those who
                > suffered losses due to the Sasser worm to sue Securepoint
                > and seek damages. VXing must end and we must send a strong
                > message to teenagers that cracking is not hacking and will
                > not be tolerated.
                >
                > Securepoint website:
                > http://www.securepoint.cc/
                >
                > Info about Sven Jaschan's hiring:
                > http://www.f-secure.com/weblog#00000296
                >
                > Sincerely: Tamas Feher from Hungary.
                >
                > _______________________________________________
                > Full-Disclosure - We believe in it.
                > Charter: http://lists.netsys.com/full-disclosure-charter.html
               
                _______________________________________________
                Full-Disclosure - We believe in it.
                Charter: http://lists.netsys.com/full-disclosure-charter.html
               
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html
        

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Scandal: IT Security firm hires the author of Sasser worm, (continued)
- - - RE: Scandal: IT Security firm hires the author of Sasser worm jamie fisher (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm ph0enix (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Fred Newtz (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm van Helsing (Sep 21)
    - RE: Scandal: IT Security firm hires the author of Sasser worm Jonathan Rickman (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm mis (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm Barry Fitzgerald (Sep 21)
    - Secure I&A and data transfer on Solaris 2.5.1 Stephen Taylor (Sep 21)
    - Re: Secure I&A and data transfer on Solaris 2.5.1 Kyle Maxwell (Sep 21)
    - Re: Secure I&A and data transfer on Solaris 2.5.1 Valdis . Kletnieks (Sep 21)
- RE: Scandal: IT Security firm hires the author of Sasser worm Nick Jacobsen (Sep 20)
  - RE: Scandal: IT Security firm hires the author of Sasser worm Fred Newtz (Sep 20)
- RE: Scandal: IT Security firm hires the author of Sasser worm Brad Griffin (Sep 21)
  - RE: Scandal: IT Security firm hires the author of Sasser worm Ron DuFresne (Sep 21)
    - Re: Scandal: IT Security firm hires the author of Sasser worm morning_wood (Sep 22)
    - Re: Scandal: IT Security firm hires the author of Sasser worm van Helsing (Sep 22)
    - Re: Scandal: IT Security firm hires the author of Sasser worm Valdis . Kletnieks (Sep 22)
- RE: Scandal: IT Security firm hires the author of Sasser worm Brad Griffin (Sep 21)
- RE: Scandal: IT Security firm hires the author of Sasser worm Michael Simpson (Sep 22)