| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: hdw at kallisti.se (Anders B Jansson) Subject: Sasser author list@...og.org wrote: > Anders B Jansson wrote: >> And stop this silly mumbling about Sasser being created as warning or >> heads up. > That's your *interpretation*, not what I said. And this interpretation > is *wrong*. No, it's not an interpretation, it caused havoc, that's a fact. If it had been designed as a a warning, it would have provided a warning, instead of spreading out of control and crashing machines. > >> Sasser was created to create havoc, nothing else. > ACK. But only unpatched computers were vulnerable - we had no problems > here 'cause we've already patched our machines. So, our network was not > violated and we had time for more important things then solving problems > caused by a worm that could spread because of unpatched computers. Well good for you, and actually good for us, we had 50.0000+ computers patched in time, and the few we missed was a minor nuisance. It doesn't change the fact that releasing the worm was a criminal act and the person who did should face the consequences if his/her actions. Which leads back to the ever repeating: Using a bad lock might be a moronic act, but breaking the bad lock is, and will always be, a criminal act. The Sasser author didn't find a vulnerability, nor did he/she report it, he/she wrote a worm to exploit it, nothing else, And that's a criminal act, and hopefully he/she will get a stiff sentence. // hdw
Powered by blists - more mailing lists