lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: larry at larryseltzer.com (Larry Seltzer)
Subject: New therad: sasser, costs, support etc alltogether

So society is to blame I guess. This is the same brain-dead logic that concludes that we
shouldn't arrest poor people who commit crimes.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@...fdavis.com 
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Radule Soskic
Sent: Friday, May 14, 2004 11:28 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] New therad: sasser, costs, support etc alltogether

I can't post this to all the threads that I would like to, so I'm opening a new one. 

Follow this:

1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it.
Users of such software have losses in time/money by trying to keep up with applying
pathches, or just by trying to keep the uptime high.

2. Admins are wrongdoing by not applying patches to the systems they maintain. There are
losses tied to such misspractice, too.

3. Worm authors are wrongdoing by writing software that propagate through the networks
by exploiting all of the above. Again, the losses occur in time/money spent to remove
the worms from the systems affected.

It is obvious that almost every legal system in the world treats #3 as crime, while #2
and #1 are broadly tolerated. Noone here is against the book of law, but it just seems
to be in contrast to the natural and intuitive feeling of justice that majority of
people might have regarding the issues like these. See - only one of the three
wrongdoers is being punished. 

Is it right? Or - is it wrong? 

BTW, I have a funny feeling that damages/losses caused by #3 might very often be far
less than the ones caused by #2 and #1. 

Am I alone?

cikasole



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ