Re: [Full-Disclosure] Sasser author
From: van Helsing (vh_at_helith.net)
To: email@example.com Date: Thu, 13 May 2004 19:48:21 +0200
On Thu, 13 May 2004 07:55:01 -0700 (PDT)
Andrew Morris <firstname.lastname@example.org> wrote:
> This must be a joke.
> Who, with a strait face, can believe that exploiting a
> buffer overflow is just the act of an inocent person
> using "Microsofts Features".
> If this is not a joke then the author must be a black
> hat. The comments alone indicate he/she is an MS
> Not that I believe MS is virtuous or the best, but
> exploiting a bug in any OS and then claiming that it
> is just a normal use of an OS's feature set is
> If anyone used the trojaned sendmail its no ones
> fault, just a feature right?!
Maybe I'm a "blackhat" too...
But you're to differ STRONGLY between datamanipulation and exploiting a
In case 1 we modify something (e.g. sendmailexample).
In case 2 we JUST USE the Software itselfs.
Nobody can't arrest you for the misstakes other do...
If the sasser-autor will be judged then NOT for exploiting the software.
When you're car is open and I take your Wallet it is NOT a theft.
It is a pilfer without angreement.
That's a difference for the law! ;)
So if you exploit something you can't be judged for datamanipulation...
So we can say that exploiting something isn't a crime couse you can't be
judged for the misstakes other guys make.
Full-Disclosure - We believe in it.
- application/pgp-signature attachment: stored