Re: Scandal: IT Security firm hires the author of Sasser worm

[Dries Robberechts <dries () skybel net>]

Dear 'van Helsing',

> Dear Ron...
> The name Ron is very public in america, canada and some other english
> countries so I exspect you're from such a country...
>  
We must be dealing with a mastermind here.

> Please imagine that the autor of Sasser is NO criminal in germany.
>  
... it isn't hard to do?

> He didn't break any german law with the his worm.
>  
That may be so.

> Just the fact that PCs reboot or wont work is something they try to
> judge him for.
>  
No, the fact that the pc, or better, the group of pcs wasn't his.

> But even they try that: They'll fail.
>  
Speaking in the future, when will who fail?

> Companies have to patch their systems so if a company get's infected by
> a worm it can't blame the autor because there's a LAW that companies
> have to secure their networks...
>  
Feel free to share that LAW with us?

> I hope you can NOW imagine why he's no criminal and you're just another
> english-speaking idiot wich dosn't read any german law wich are also
> avaiable (translated in some languages) in english.
>  
I ain't no 'english-speaking idiot' and I haven't read the german law 
either. In fact, I doubt a lot of non-german people read it, as I can't 
hardly imagine myself spending a nice day off reading german lawbooks.

I don't believe that is the point, though.

> And criminals...
> In France it's criminal to write exploits.... w000...
> Ain't we all criminals?
> Remember L0th, Rhino9, 29a, Teso, THC... "criminals" are all around, or?
>  
No 'we' are not all criminals, at least 'I' am not.

> So come down "Mr. Judgeman" and imagine that other countries have other
> laws.
... it isn't hard to do?

> And a little example so that also you can understand it:
>  
We are most grateful.

> You judge somebody for the things he did, ok. But you didn't judge the
> stupid administrators.It's like judging a guy who punshed you... it's
> ok. But you don't judge the policeman who was 2 Meters away?
> Or: You judge the robber but not the guy who dosn't closed the door of
> his car?
> That's why he can't be judged and I hope he will be free.
>  
The scope of the discussion is the guy being hired by that company. 
Whether or not other people are legally guilty of whatever one can come 
up with, I think is not. Ofcourse one can blame people for being stupid 
enough to leave the door open and kindly inviting even the largest 
newbie burglar to sneak in, but does that automatically sets him free? 
You started drawing the analogy with IT Security, so let me go along 
that away. Do you consider a person guilty of not having the necessary 
security when his server is broken into? You can blame someone for being 
stupid, but the burglar still remains the one who broke in. You can 
however legaly blame someone when because of the intrusion 3th party 
material has been stolen, which was kept under the responsibility of the 
guy owning the server.

The question is not necessarily a legal one, but also a business one. It 
might be very accepted in the country he resides in, but what if the 
product he's working one will be sold in computer shops in the country I 
am residing in? Is it a good business plan to hire him, apart from 
anything else that counts.

> And now come down and remember the good old times of Kevin Mitnick
> (another criminal, am I right?).
>  
You are.

> And I hope that even our english speaking readers wont comment this
> topic anymore and close it. Otherwise we can start talking about politic
> and the criminal who's the president of the USA.
>  
So you want to have the last word, which is quite polite. This is fd, as 
long as they stick to the topic, people may respond. Moreover, you want 
this to end by going political. Where did you say you were from, Mr...?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html