lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1084548468.18919.34.camel@wilbur.ir.telekom.yu>
From: rms at telekom.yu (Radule Soskic)
Subject: New therad: sasser, costs, support etc alltogether

I can't post this to all the threads that I would like to, so I'm
opening a new one. 

Follow this:

1. MS is wrongdoing by releasing (and charging for use of) software that
has bugs in it. Users of such software have losses in time/money by
trying to keep up with applying pathches, or just by trying to keep the
uptime high.

2. Admins are wrongdoing by not applying patches to the systems they
maintain. There are losses tied to such misspractice, too.

3. Worm authors are wrongdoing by writing software that propagate
through the networks by exploiting all of the above. Again, the losses
occur in time/money spent to remove the worms from the systems affected.

It is obvious that almost every legal system in the world treats #3 as
crime, while #2 and #1 are broadly tolerated. Noone here is against the
book of law, but it just seems to be in contrast to the natural and
intuitive feeling of justice that majority of people might have
regarding the issues like these. See - only one of the three wrongdoers
is being punished. 

Is it right? Or - is it wrong? 

BTW, I have a funny feeling that damages/losses caused by #3 might very
often be far less than the ones caused by #2 and #1. 

Am I alone?

cikasole




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ