Open Source and information security mailing list archives
 
From: hdw at kallisti.se (Anders B Jansson)
Subject: Sasser author

list@...og.org wrote:
> Anders B Jansson wrote:
>> And stop this silly mumbling about Sasser being created as warning or 
>> heads up.
> That's your *interpretation*, not what I said. And this interpretation 
> is *wrong*.
No, it's not an interpretation, it caused havoc, that's a fact.
If it had been designed as a warning, it would have provided a 
warning, instead of spreading out of control and crashing machines.
> 
>> Sasser was created to create havoc, nothing else.
> ACK. But only unpatched computers were vulnerable - we had no problems 
> here 'cause we've already patched our machines. So, our network was not 
> violated and we had time for more important things than solving problems 
> caused by a worm that could spread because of unpatched computers.

Well good for you, and actually good for us, we had 50.0000+ computers 
patched in time, and the few we missed were a minor nuisance.

It doesn't change the fact that releasing the worm was a criminal act 
and the person who did should face the consequences of his/her actions.

Which leads back to the ever repeating:
Using a bad lock might be a moronic act, but breaking the bad lock is, 
and will always be, a criminal act.

The Sasser author didn't find a vulnerability, nor did he/she report it, 
he/she wrote a worm to exploit it, nothing else.

And that's a criminal act, and hopefully he/she will get a stiff sentence.

// hdw


