[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040513194821.5ceda154.vh@helith.net>
From: vh at helith.net (van Helsing)
Subject: Sasser author
On Thu, 13 May 2004 07:55:01 -0700 (PDT)
Andrew Morris <husky_cat@...oo.com> wrote:
> This must be a joke.
>
> Who, with a strait face, can believe that exploiting a
> buffer overflow is just the act of an inocent person
> using "Microsofts Features".
>
> If this is not a joke then the author must be a black
> hat. The comments alone indicate he/she is an MS
> bigot.
>
> Not that I believe MS is virtuous or the best, but
> exploiting a bug in any OS and then claiming that it
> is just a normal use of an OS's feature set is
> ridiculous.
>
> If anyone used the trojaned sendmail its no ones
> fault, just a feature right?!
Maybe I'm a "blackhat" too...
But you're to differ STRONGLY between datamanipulation and exploiting a
buffer overflow.
In case 1 we modify something (e.g. sendmailexample).
In case 2 we JUST USE the Software itselfs.
Nobody can't arrest you for the misstakes other do...
If the sasser-autor will be judged then NOT for exploiting the software.
When you're car is open and I take your Wallet it is NOT a theft.
It is a pilfer without angreement.
That's a difference for the law! ;)
So if you exploit something you can't be judged for datamanipulation...
So we can say that exploiting something isn't a crime couse you can't be
judged for the misstakes other guys make.
vh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040513/c734a54a/attachment.bin
Powered by blists - more mailing lists