Re: [Full-Disclosure] Sasser author

[Anders B Jansson <hdw@xxxxxxxxxxx>]

list@xxxxxxxxx wrote:
> Anders B Jansson wrote:
> > And stop this silly mumbling about Sasser being created as warning or 
> > heads up.
> That's your *interpretation*, not what I said. And this interpretation 
> is *wrong*.
No, it's not an interpretation, it caused havoc, that's a fact.
If it had been designed as a a warning, it would have provided a 
warning, instead of spreading out of control and crashing machines.
> > Sasser was created to create havoc, nothing else.
> ACK. But only unpatched computers were vulnerable - we had no problems 
> here 'cause we've already patched our machines. So, our network was not 
> violated and we had time for more important things then solving problems 
> caused by a worm that could spread because of unpatched computers.

Well good for you, and actually good for us, we had 50.0000+ computers 
patched in time, and the few we missed was a minor nuisance.

It doesn't change the fact that releasing the worm was a criminal act 
and the person who did should face the consequences if his/her actions.

Which leads back to the ever repeating:
Using a bad lock might be a moronic act, but breaking the bad lock is, 
and will always be, a criminal act.

The Sasser author didn't find a vulnerability, nor did he/she report it, 
 he/she wrote a worm to exploit it, nothing else,

And that's a criminal act, and hopefully he/she will get a stiff sentence.

// hdw


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html