Re: Scandal: IT Security firm hires the author of Sasser worm

[ktabic <lists () ktabic co uk>]

On Mon, 2004-09-20 at 12:18 +0200, adf--at--Code511.com wrote:
> On Sep 20, 2004, at 11:21 AM, Feher Tamas wrote:
>
> > Hello,
> >
> > The german IT security company "Securepoint" has hired Sven
> > Jaschan, who wrote and spread the Sasser Internet worm,
> > which caused widespread and costly damages to legions of
> > Windows computers.
> what about legions of bad admins and bad coders, isn't it worst and 
> more damagable?

So fix that by getting a guy who knows how to write malware, and hope he
does a better job?
> > He will work as a developer for security softwares such as
> > firewalls.
> >
> > This is a scandal! Whether or not you like the 250k USD
> > head-hunting bounty which Microsoft Corp. paid to have Mr.
> > Jaschan nailed, he is still a criminal.
> Why should he be death sentence for writing virus? Should he no life, 
> no work IF he's responsible?

Well, I vaguely recall laws that state that a convicted criminal isn't
allowed to profit from his crime, even after he has served his sentence.
This does, however, sound like he is profiting from his crime.
Think: would he have been given this job if he hadn't had his named
plastered all over the newspapers?
> >   Hiring him is a taboo. It is totally unacceptable to picture him as 
> > a modern
> > age Robin Hood or freedom fighter. He is a criminal, similar
> > to an arsonist, who sets a house alight and the fire spreads
> > to an entire city.
> ok cool now he's a criminal call the FBI, CCU of Germany and you'll a 2 
> cents reward.
> Hiring hacker/crackers or what ever security experts isn't new and 
> sometimes is part of a marketing plan.

That isn't the point. The points are a) is it ethical, and b) is it
sensible.
And lets face it, marketing is the bane of IT in the first place, so
this just compunds it even more.
He has already proven he is capable and willing of breaking the law. He
probably can again.
If you have a criminal past, you aren't allowed to become a policeman.
More importantly, is it wise of Securepoint to hire someone who is
guilty of cybercrimes when their business is protecting people from
people like him.
Setting a thief to catch a thief is liable to just have your stuff
stolen by a different thief. And ability in one field doesn't transform
into ability in it's opposite.
> > I urge all to boycott the Securepoint and I urge those who
> > suffered losses due to the Sasser worm to sue Securepoint
> > and seek damages. VXing must end and we must send a strong
> > message to teenagers that cracking is not hacking and will
> > not be tolerated.
> Sue the CIO who force companies to use 1 type of OS for user's 
> workstation, sue the admin for not patching IOS, OS, softwares.
> Oh wait... cracking ?? What's the point sasser?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html