[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
From: Ali Campbell <fdisclosure@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Sep 2004 20:04:12 +0100

Bart.Lansing@xxxxxxxxx wrote:

Face it, people who can break security are valuable to those trying to create it.

I would agree with you if this guy had discovered the LSASS vulnerability himself. But if I remember correctly, it was discovered by those clever people at eeye. Now I don't consider myself to be the ultimate coder - the minutae of the Linux do_brk exploit, for example, went way over my head - but I reckon I could have written Sasser given the details of the vulnerability. Writing a worm for a known exploit isn't rocket science.

So yes, I think this is a slap in the face to decent, law abiding programmers everywhere, particularly those who don't have a job.

Ali

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
  - From: Bart . Lansing

Prev by Date: RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
Next by Date: RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
Previous by thread: Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
Next by thread: RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
Index(es):
- Date
- Thread