Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Sasser author
From: Tobias Weisserth (tobiasweisserth.de)
Date: Thu May 13 2004 - 15:40:50 CDT
Dear van Helsing (spooky ;-)),
On Thu, 2004-05-13 at 19:48, van Helsing wrote:
> On Thu, 13 May 2004 07:55:01 -0700 (PDT)
> Andrew Morris <husky_catyahoo.com> wrote:
> > This must be a joke.
> > Who, with a strait face, can believe that exploiting a
> > buffer overflow is just the act of an inocent person
> > using "Microsofts Features".
> > If this is not a joke then the author must be a black
> > hat. The comments alone indicate he/she is an MS
> > bigot.
> > Not that I believe MS is virtuous or the best, but
> > exploiting a bug in any OS and then claiming that it
> > is just a normal use of an OS's feature set is
> > ridiculous.
> > If anyone used the trojaned sendmail its no ones
> > fault, just a feature right?!
> Maybe I'm a "blackhat" too...
Maybe indeed. We'll see, won't we?
> But you're to differ STRONGLY between datamanipulation and exploiting a
> buffer overflow.
You're joking, right? Exploiting a buffer overflow won't be possible
without manipulating data and may it be only within the system's memory.
Any exploitation of a bug whatsoever won't be possible without
manipulating data. This is what "exploit" means.
By overwriting memory stacks and executing code that wasn't supposed to
run you have already manipulated data. There isn't anything else
necessary to become a "blackhat". You're a criminal already then.
> In case 1 we modify something (e.g. sendmailexample).
> In case 2 we JUST USE the Software itselfs.
There is a German law against that as well. This is already a federal
felony in Germany.
> Nobody can't arrest you for the misstakes other do...
No, but you CAN be arrested for crimes you committed. And believe me,
you'll BE prosecuted if you get arrested :-)
> If the sasser-autor will be judged then NOT for exploiting the software.
He will be judged for breaking the German law in several cases if the
prosecution is able to prove that he wrote and spread the virus.
> When you're car is open and I take your Wallet it is NOT a theft.
Of course this is theft. At least by legal standards in Germany. I don't
know from what banana republic you are from.
> It is a pilfer without angreement.
That's just another expression for theft :-) Open a German law book and
> That's a difference for the law! ;)
No, not at all. Leaving you door open doesn't make the crime of taking
what is not yours less a theft. The same goes for computer crimes.
> So if you exploit something you can't be judged for datamanipulation...
As soon as your virus changes the content of any part of the system's
memory, be it the RAM or any other medium you have already manipulated
data and are guilty of the corresponding crime. It's as easy as that. In
order to run on the victim's computer the virus has manipulate the
content of the system memory. And if I'm not mistaken it manipulates the
file system when it saves itself to the hard disk so that it's still
there after the next reboot. Sasser MASSIVELY manipulates data.
> So we can say that exploiting something isn't a crime couse you can't be
> judged for the misstakes other guys make.
This is idiotic.
My point stands. Prosecute the author and his partners in crime who
helped him spread the thing. If there is enough solid evidence usable
for the courts lock them away as long as possible according to current
laws. Maybe when they get their rear-ends penetrated by other inmates in
jail they'll rethink messing around with other people's systems. I hope
for them they won't drop the soap in the shower...
Full-Disclosure - We believe in it.