| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: vh at helith.net (van Helsing) Subject: Sasser author On Thu, 13 May 2004 07:55:01 -0700 (PDT) Andrew Morris <husky_cat@...oo.com> wrote: > This must be a joke. > > Who, with a strait face, can believe that exploiting a > buffer overflow is just the act of an inocent person > using "Microsofts Features". > > If this is not a joke then the author must be a black > hat. The comments alone indicate he/she is an MS > bigot. > > Not that I believe MS is virtuous or the best, but > exploiting a bug in any OS and then claiming that it > is just a normal use of an OS's feature set is > ridiculous. > > If anyone used the trojaned sendmail its no ones > fault, just a feature right?! Maybe I'm a "blackhat" too... But you're to differ STRONGLY between datamanipulation and exploiting a buffer overflow. In case 1 we modify something (e.g. sendmailexample). In case 2 we JUST USE the Software itselfs. Nobody can't arrest you for the misstakes other do... If the sasser-autor will be judged then NOT for exploiting the software. When you're car is open and I take your Wallet it is NOT a theft. It is a pilfer without angreement. That's a difference for the law! ;) So if you exploit something you can't be judged for datamanipulation... So we can say that exploiting something isn't a crime couse you can't be judged for the misstakes other guys make. vh -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040513/c734a54a/attachment.bin
Powered by blists - more mailing lists