Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Scandal: IT Security firm hires the author of Sasser worm

From: Michael Simpson <Michael.Simpson () inveresk com>
Date: Mon, 20 Sep 2004 16:27:20 +0100
it revolves around the issue of who know's what
the arsonist who burns down the city after torching his house doesn't get 
a job with the fire department as anyone can start a fire
young man with ability to code a novel worm (as opposed to script kiddies 
pullin trigger on sploit) is deemed to be highly enough prized or has 
skillz and/or knowledge worth bringing into the tent (always safer to have 
him inside tent pissing out rather than outside pissing in - unless they 
are really bad news in which case u prolly want them in the arms of bubba 
with all their fingers broken)
add into that the huge degree of BS apparent throughout the IMT world and 
it's no wonder that sven got employment
"micro$oft headhunted me for $250,000"
the world's press have been writing his Curriculum Vitae for him since

so he's young and gifted

http://slashdot.org/article.pl?sid=04/09/09/2236216&tid=156&tid=220&tid=1

with a high work rate and demonstrable commitment to a project

http://slashdot.org/article.pl?sid=04/08/02/064259&tid=172&tid=95&tid=201

i may not trust him with regards to his ethics/morals but that may not 
disbar me from giving him a job if i thought he was suitable and indeed 
for some employers not too straight a moral outlook might be preferred
(was it necessary for Clinton to have high moral standards to be a good 
prez of the usa?)
having said that i would keep an eye on him, log everything, rfid his 
food, 24/7 video feed of his keyboard leds being watched by operators 
trained in morse code, etc

thorny subject

mikie




"Nick Jacobsen" <nick () ethicsdesign com> 
Sent by: full-disclosure-admin () lists netsys com
20/09/2004 15:10

To
<full-disclosure () lists netsys com>
cc

Subject
RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser 
worm






Does it not strike anyone that there is a disturbing trend in malicious 
hackers (yes, yes, I know, they are not hackers if they are malicious, so 
call em whatever you want) getting hired to security firms, mainly because 
the "hacker" gets media attention?  It is honestly like we are declaring 
to the world that the best way to get a good paying job in the computer 
security field is to perform some major attack - and get caught for it - 
and then after serving a short sentace, start applying for jobs.  I know 
lots of young people, myself included, that could make headlines by 
performing some act or another of a sensational nature, and all that stops 
us is our own sense of ethics - but those ethics get harder and harder to 
hold as we earn a pittance doing your standard boring days work, while 
some other guy is out there essentially (in my mind) having fun doing some 
detrimental to society, and then getting hired at a substantial salary, as 
a reward.
This may sound like a rant, and it probably is, but that makes my point no 
less accurate.
Responses anyone?
 
Nick Jacobsen
nick () ethicsdesign com
 

                 -----Original Message----- 
                 From: full-disclosure-admin () lists netsys com on behalf of 
bb 
                 Sent: Mon 9/20/2004 3:32 AM 
                 To: Feher Tamas; full-disclosure () lists netsys com 
                 Cc: 
                 Subject: Re: [Full-disclosure] Scandal: IT Security firm 
hires the author of Sasser worm
 
 

                 If he has fulfilled all the obligation of his sentence, 
whats wrong with him
                 being allowed to seek gainful employment that plays to 
his skills?
 
                 Second chance anyone? Being allowed to learn from his 
mistakes?
 
 
                 ----- Original Message -----
                 From: "Feher Tamas" <etomcat () freemail hu>
                 To: <full-disclosure () lists netsys com>
                 Sent: Monday, September 20, 2004 10:21 AM
                 Subject: [Full-disclosure] Scandal: IT Security firm 
hires the author of
                 Sasser worm
 
 
                 > Hello,
                 >
                 > The german IT security company "Securepoint" has hired 
Sven
                 > Jaschan, who wrote and spread the Sasser Internet worm,
                 > which caused widespread and costly damages to legions 
of
                 > Windows computers.
                 >
                 > He will work as a developer for security softwares such 
as
                 > firewalls.
                 >
                 > This is a scandal! Whether or not you like the 250k USD
                 > head-hunting bounty which Microsoft Corp. paid to have 
Mr.
                 > Jaschan nailed, he is still a criminal.  Hiring him is 
a
                 > taboo. It is totally unacceptable to picture him as a 
modern
                 > age Robin Hood or freedom fighter. He is a criminal, 
similar
                 > to an arsonist, who sets a house alight and the fire 
spreads
                 > to an entire city.
                 >
                 > I urge all to boycott the Securepoint and I urge those 
who
                 > suffered losses due to the Sasser worm to sue 
Securepoint
                 > and seek damages. VXing must end and we must send a 
strong
                 > message to teenagers that cracking is not hacking and 
will
                 > not be tolerated.
                 >
                 > Securepoint website:
                 > http://www.securepoint.cc/
                 >
                 > Info about Sven Jaschan's hiring:
                 > http://www.f-secure.com/weblog#00000296
                 >
                 > Sincerely: Tamas Feher from Hungary.
                 >
                 > _______________________________________________
                 > Full-Disclosure - We believe in it.
                 > Charter: 
http://lists.netsys.com/full-disclosure-charter.html
 
                 _______________________________________________
                 Full-Disclosure - We believe in it.
                 Charter: 
http://lists.netsys.com/full-disclosure-charter.html
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: