lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <414F29AC.2050005@alicampbell.org.uk>
From: fdisclosure at alicampbell.org.uk (Ali Campbell)
Subject: Scandal: IT Security firm hires the author
 of  Sasser worm

Bart.Lansing@...ls.com wrote:

> Face it, people who can break security are valuable to 
> those trying to create it.

I would agree with you if this guy had discovered the LSASS 
vulnerability himself. But if I remember correctly, it was discovered by 
those clever people at eeye. Now I don't consider myself to be the 
ultimate coder - the minutae of the Linux do_brk exploit, for example, 
went way over my head - but I reckon I could have written Sasser given 
the details of the vulnerability. Writing a worm for a known exploit 
isn't rocket science.

So yes, I think this is a slap in the face to decent, law abiding 
programmers everywhere, particularly those who don't have a job.

Ali

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ