Message-ID: <20040514152334.GA31748@tempest.stormcenter.net>
From: live4java at stormcenter.net (Mister Coffee)
Subject: Sasser author

<various snippage>
> 
> Yes, but is it a crime that should be equated with holding hostages or 
> hijacking airliners?
> 
Obviously no.  Unless the -intent- (which you mention below) was to cause havoc on the internet.

> There is a bogus category of "electronic terrorism", which is being subject to 
> the same aggressive prosecutorial standard that is established for those who 
> perpetrate real crimes of terror.  18 year-old kids, without /intention/ of 
> political or ideological violence against innocents, are being held with the 
> legal gravity of weapons smugglers.  Intention is a key definition of guilt 
> in - at least - British, and US-ian law.
>
Well, we won't go into how skewed some of the sentencing laws are.  More time in jail and bigger fines for trading MP3s than for beating someone up and stealing their money to buy drugs?  Definitely messed up.

As for intention . . . the Sasser author can't claim he didn't intend for his worm to exploit vulnerable systems and spread.
 
> Here you have a social naive, without any experience in life that connects the 
> gravity of consequences to his actions.  Chances are, his life will be pretty 
> much ruined.  That is an equitable outcome, because some Systems 
> Administrators were given a couple of rough days at work?
>
Socially inept or not, he must have had a good idea of the annoyance his worm would cause if it worked.  As for equitable, let's see. . .

Let's give an example.  Someone paints graffiti on the side of my house/barn/apartment/office/whatever.  I could always have the kid imprisoned, but that wouldn't undo the "damage" his act of vandalism did.  So, to make amends, I give him a bucket of paint and a brush, and have him repaint the wall back to its original color.

Sounds fair?  No jail time.  The perp makes amends that are pretty much equal to the "cost" of their "crime."

Now, let's extend the analogy.  Cleaning up after the worm takes a little time, so we'll have the worm writer clean up after his infections.  At 20 minutes each.  For 5 MILLION (wild assed guesstimate) infected hosts.

Somehow, jail time doesn't seem right - but it -really- doesn't seem equitable to let the kid walk.  Someone's paying those admins and tech support people to clean up the mess...

Cheers,
L4J
 

