lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ebowser at i-trap.net (Eric Bowser)
Subject: M$ puts bounty out for Blaster and
	Sobigculprits

Too true, and I admit anything I write is probably swiss-cheese crap for
several iterations whenever I try something new or improved.

What I was attempting to say is that when you live in the ghetto and get
robbed because you forgot to lock your door, /SOME/ of the blame falls
on you.

Just my view.  I hate to start a flame war or a snowball this topic into
9000 posts, mail me directly if you wish.


On Wed, 2003-11-05 at 12:31, Corey Hart wrote:
> To write flawed code is one thing.  To write code to expose flawed code
> is another thing.  To write code to take advantage of the flawed code and
> to cause damage to machines all over the world is a crime and the person
> who wrote that should be brought to justice.
> 
> My 2 cents.
> 
> 
> Eric Bowser wrote:
> 
> > What about a bounty for the original engineer who wrote the flawed OS
> > components?
> >
> > On Wed, 2003-11-05 at 10:02, Vic Vandal wrote:
> > > M$ is offering $250K for info leading to the arrest of those
> > > who released Blaster and/or Sobig.  See the details here:
> > > http://news.com.com/2100-7355_3-5102110.html?tag=nefd_top
> > >
> > > One outcome of this will be severely limiting bragging about
> > > pulling off such sploits.
> > > And one would think those actually guilty should be real busy
> > > right now erasing any/all evidence (that they didn't take care
> > > of long ago).
> > >
> > > Maybe M$ should put out a bounty for reporting bugs in their
> > > crappy software without going public instead.  That might be
> > > more effective.
> > >
> > > Peace,
> > > Vic
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > --
> > Eric J. Bowser
> > 330.658.9858 direct
> > 330.658.0123 fax
> >
> > i-TRAP Internet Security Services
> > 888-658-TRAP toll-free
> > 330.658.1040 local
> > www.i-trap.net
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> 
-- 
Eric J. Bowser 
330.658.9858 direct 
330.658.0123 fax 

i-TRAP Internet Security Services 
888-658-TRAP toll-free 
330.658.1040 local 
www.i-trap.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ