RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

From: Fred Newtz (fbnewtz_at_houston.rr.com)
Date: 09/21/04

    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 21 Sep 2004 11:29:47 -0500
    
    

    On Tue, 2004-09-21 at 05:08 -0700, Harlan Carvey wrote:

    >The other is a virus writer who used a flaw developed by someone else,
    >and propagated by a method that has been used countless times before,
    >and really introduced nothing new.

    So let's say someone did not turn him in and he never got busted. What
    happens when he goes out and finds a job in the security industry? Does
    that mean he will work with malicious intent and make all the back doors in
    products that he wants to or would he do his job just like everyone else in
    the world? He obviously has skills of some sort that are valuable. Maybe
    he is just doing penetration testing on their products, you never know.

    All nitty picky things aside, what about all of the other virus writers out
    there that never got busted? The hackers and crackers and phreaks and
    everyone else that did something wrong or maybe even destroyed some
    important data. Does that mean that we already have people like that
    working at security companies or not? Does that make the products of
    companies who hire virus writers or crackers less secure? Does that mean
    that the PHACV people do not take their jobs seriously? Does that mean that
    they can do a better or worse job than someone who does not have the desire
    to beat the system so to speak? I mean there are tons of people out there
    that are into this scene and they obviously will get a job or already have a
    job somewhere.

    This has been going on for quite some time. Just look at the LOD/h boys and
    the security consulting firm they started at least 10 years ago and what
    happened to them because people like SWBT totally dogged them and warned
    everyone that they could not be legitimate even though they were all
    convicted and just needed an honest job to go straight just like everyone
    else. I know some of those guys and they were good people. They were some
    of the best minds out there and they could have done just as good of a job
    as everyone else. They had already conquered the world in their own way,
    why not let that knowledge work in a good way for people that needed
    protection from other kids trying to do the same thing. Or worse yet, hired
    hackers trying to steal secrets.

    Saying that no teenager can be reformed is like saying you can't change your
    mind about what to eat for dinner. I have over 13 convictions and have been
    in prison as well as spent more than my fair share of time in county jails.
    However, that has been 10 years now and I am integrated into society making
    my way in life. All of this happened before I turned 21 years old.

    So if I can change then anyone can change. If you have a 250000 fine or
    whatever coming against you wouldn't you want to work it off so that some
    day in the future you might be able to own a car, or even a bicycle? What
    about a house or to even get married? Who would marry someone with a debt
    like he will have very soon?

    Good people do bad things sometimes, it is a fact of life. Deal with it.

    Fred

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

