Re: [Full-Disclosure] Sasser author

From: van Helsing (vh_at_helith.net)
Date: 05/13/04

  • Next message: morning_wood: "Re: [Full-Disclosure] Sasser author" 
    To: full-disclosure@lists.netsys.com
Date: Thu, 13 May 2004 19:48:21 +0200

    On Thu, 13 May 2004 07:55:01 -0700 (PDT)
    Andrew Morris <husky_cat@yahoo.com> wrote:

    > This must be a joke.
    >
    > Who, with a strait face, can believe that exploiting a
    > buffer overflow is just the act of an inocent person
    > using "Microsofts Features".
    >
    > If this is not a joke then the author must be a black
    > hat. The comments alone indicate he/she is an MS
    > bigot.
    >
    > Not that I believe MS is virtuous or the best, but
    > exploiting a bug in any OS and then claiming that it
    > is just a normal use of an OS's feature set is
    > ridiculous.
    >
    > If anyone used the trojaned sendmail its no ones
    > fault, just a feature right?!

    Maybe I'm a "blackhat" too...
    But you're to differ STRONGLY between datamanipulation and exploiting a
    buffer overflow.

    In case 1 we modify something (e.g. sendmailexample).
    In case 2 we JUST USE the Software itselfs.
    Nobody can't arrest you for the misstakes other do...

    If the sasser-autor will be judged then NOT for exploiting the software.
    When you're car is open and I take your Wallet it is NOT a theft.
    It is a pilfer without angreement.
    That's a difference for the law! ;)

    So if you exploit something you can't be judged for datamanipulation...
    So we can say that exploiting something isn't a crime couse you can't be
    judged for the misstakes other guys make.

    vh

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: morning_wood: "Re: [Full-Disclosure] Sasser author"