lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1095697396.2067.14.camel@banshee.mythic.magic>
From: lists at ktabic.co.uk (ktabic)
Subject: Scandal: IT Security firm hires the author
	of Sasser worm

On Mon, 2004-09-20 at 12:18 +0200, adf--at--Code511.com wrote:
> On Sep 20, 2004, at 11:21 AM, Feher Tamas wrote:
> 
> > Hello,
> >
> > The german IT security company "Securepoint" has hired Sven
> > Jaschan, who wrote and spread the Sasser Internet worm,
> > which caused widespread and costly damages to legions of
> > Windows computers.
> >
> what about legions of bad admins and bad coders, isn't it worst and 
> more damagable?

So fix that by getting a guy who knows how to write malware, and hope he
does a better job?
> 
> > He will work as a developer for security softwares such as
> > firewalls.
> >
> > This is a scandal! Whether or not you like the 250k USD
> > head-hunting bounty which Microsoft Corp. paid to have Mr.
> > Jaschan nailed, he is still a criminal.
> Why should he be death sentence for writing virus? Should he no life, 
> no work IF he's responsible?

Well, I vaguely recall laws that state that a convicted criminal isn't
allowed to profit from his crime, even after he has served his sentence.
This does, however, sound like he is profiting from his crime.
Think: would he have been given this job if he hadn't had his named
plastered all over the newspapers?
> 
> >   Hiring him is a taboo. It is totally unacceptable to picture him as 
> > a modern
> > age Robin Hood or freedom fighter. He is a criminal, similar
> > to an arsonist, who sets a house alight and the fire spreads
> > to an entire city.
> >
> ok cool now he's a criminal call the FBI, CCU of Germany and you'll a 2 
> cents reward.
> Hiring hacker/crackers or what ever security experts isn't new and 
> sometimes is part of a marketing plan.

That isn't the point. The points are a) is it ethical, and b) is it
sensible.
And lets face it, marketing is the bane of IT in the first place, so
this just compunds it even more.
He has already proven he is capable and willing of breaking the law. He
probably can again.
If you have a criminal past, you aren't allowed to become a policeman.
More importantly, is it wise of Securepoint to hire someone who is
guilty of cybercrimes when their business is protecting people from
people like him.
Setting a thief to catch a thief is liable to just have your stuff
stolen by a different thief. And ability in one field doesn't transform
into ability in it's opposite.
> 
> > I urge all to boycott the Securepoint and I urge those who
> > suffered losses due to the Sasser worm to sue Securepoint
> > and seek damages. VXing must end and we must send a strong
> > message to teenagers that cracking is not hacking and will
> > not be tolerated.
> Sue the CIO who force companies to use 1 type of OS for user's 
> workstation, sue the admin for not patching IOS, OS, softwares.
> Oh wait... cracking ?? What's the point sasser?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ