lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: tobias at weisserth.de (Tobias Weisserth)
Subject: Support the Sasser-author fund started

Hi harry,

On Thu, 2004-05-13 at 14:33, harry wrote:
> Tobias Weisserth wrote:
> <snip>
> > I find your "explanation" why this author of a virus should be treated
> > any different than other authors somehow illogical. The Sasser author
> > has done nothing to foster security. So there is really no need for the
> > security scene to support him.
> 
> there is one other thing...
> 
> he is correct when he says that Microsoft will say it's completely the 
> worm writer's fault.

It IS completely the author's fault. HE wrote it, HE caused the damages
and HE violated German law. As much as MS products suck, MS has done
nothing illegal.

> BUT i think Microsoft should be punished too for 
> having so many security holes. they had to patch it faster.

A patch to this problem has been available for at least two weeks prior
to the release of the worm. So what's your boundary when you speak of
"earlier"? A month? A year? Should the exploitation of a bug be legal if
the vendor doesn't offer a patch in time?! That's the direction you're
pushing here.

> who's fault is it really when you buy a door, you lock it, but a burglar 
> finds a way to easily open it, comes in and tells you...

Nobody asked the "burglar" to do this. He broke law. He caused damages.
And he certainly didn't improve your security by doing so when the door
vendor already offered a patch for your door two weeks ago.

There's just no way you can justify the action of this idiot by blaming
MS.

I say this idiot has to be punished and punished to the full extend law
allows. Maybe this deters other idiots to do the same.

Tobias W.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ