lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: vh at helith.net (van Helsing)
Subject: Scandal: IT Security firm hires the author	of
 Sasser worm

On Tue, 21 Sep 2004 11:29:47 -0500
"Fred Newtz" <fbnewtz@...ston.rr.com> wrote:

> On Tue, 2004-09-21 at 05:08 -0700, Harlan Carvey wrote:
> 
> >The other is a virus writer who used a flaw developed by someone
> >else, and propagated by a meathod that has been used countless times
> >before, and really introduced nothing new.
> 
> So lets say someone did not turn him in and he never got busted.  What
> happens when he goes out and finds a job in the security industry? 
> Does that mean he will work with malicious intent and make all the
> back doors in products that he wants to or would he do his job just
> like everyone else in the world?   He obviously has skills of some
> sort that are valuable.  Maybe he is just doing penetration testing on
> their products, you never know.
> 
> All nitty picky things aside, what about all of the other virus
> writers out there that never got busted?  The hackers and crackers and
> phreaks and everyone else that did something wrong or maybe even
> destroyed some important data.  Does that mean that we already have
> people like that working at security companies or not?  Does that make
> the products of companies who hire virus writers or crackers less
> secure?  Does that mean that the PHACV people do not take their jobs
> seriously?  Does that mean that they can do a better or worse job than
> someone who does not have the desire to beat the system so to speak? 
> I mean there are tons of people out there that are into this scene and
> they obviously will get a job or already have a job somewhere.
> 
> This has been going on for quite some time.  Just look at the LOD/h
> boys and the security consulting firm they started at least 10 years
> ago and what happened to them because people like SWBT totally dogged
> them and warned everyone that they could not be legitimate even though
> they were all convicted and just needed an honest job to go straight
> just like everyone else.  I know some of those guys and they were good
> people.  They were some of the best minds out there and they could
> have done just as good of a job as everyone else.  They had already
> conquered the world in their own way, why not let that knowledge work
> in a good way for people that needed protection from other kids trying
> to do the same thing.  Or worse yet, hired hackers trying to steal
> secrets.
> 
> Saying that no teenager can be reformed is like saying you can't
> change your mind about what to eat for dinner.  I have over 13
> convictions and have been in prison as well as spent more than my fair
> share of time in county jails. However, that has been 10 years now and
> I am integrated into society making my way in life.  All of this
> happened before I turned 21 years old.
> 
> So if I can change then anyone can change.  If you have a 250000 fine
> or whatever coming against you wouldn't you want to work it off so
> that some day in the future you might be able to own a car, or even a
> bicycle?  What about a house or to even get married?  Who would marry
> someone with a debt like he will have very soon?
> 
> Good people do bad things sometime, it is a fact of life.  Deal with
> it.
> 
> Fred

Guys... (and I mean all guys here)
It would be better (also for our english writers here) to stopthinking
about that.
Just "shut up" and THINK before you write something.
What's wrong if I hire somebody who wrote a worm? The worm itself used a
security hole and it was no simple Massmailer.

If you don't start to think about BEFORE you write or answer I imagine
I'll read someday a mail like:
"SCANDAL: HACKERGROUP L0TH FOUNDS A COMPANY CALLED @STAKE WICH IS NOW
PART OF SYMANTEC".

And even Microsoft hire such guys so where is your problem?
The NSA hire also such guys, the german BND does such things too.

Come down guys.. that's life so don't rock the boat because such things.
Why don't I read something: SCANDAL MS DOSN'T PATCH IE HOLE XYZ FOR
ABOUT 8 MONTHS NOW?
So concentrate yourself to the realy importent things.
And now close that topic because it's a waste...

vh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040921/d8fd5f07/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ