lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040513194821.5ceda154.vh@helith.net>
From: vh at helith.net (van Helsing)
Subject: Sasser author

On Thu, 13 May 2004 07:55:01 -0700 (PDT)
Andrew Morris <husky_cat@...oo.com> wrote:

> This must be a joke.
> 
> Who, with a strait face, can believe that exploiting a
> buffer overflow is just the act of an inocent person
> using "Microsofts Features".
> 
> If this is not a joke then the author must be a black
> hat. The comments alone indicate he/she is an MS
> bigot. 
> 
> Not that I believe MS is virtuous or the best, but
> exploiting a bug in any OS and then claiming that it
> is just a normal use of an OS's feature set is
> ridiculous.
> 
> If anyone used the trojaned sendmail its no ones
> fault, just a feature right?!

Maybe I'm a "blackhat" too...
But you're to differ STRONGLY between datamanipulation and exploiting a
buffer overflow.

In case 1 we modify something (e.g. sendmailexample).
In case 2 we JUST USE the Software itselfs.
Nobody can't arrest you for the misstakes other do...

If the sasser-autor will be judged then NOT for exploiting the software.
When you're car is open and I take your Wallet it is NOT a theft.
It is a pilfer without angreement.
That's a difference for the law! ;)

So if you exploit something you can't be judged for datamanipulation...
So we can say that exploiting something isn't a crime couse you can't be
judged for the misstakes other guys make.


vh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040513/c734a54a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ