|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
From: Ali Campbell (fdisclosure
alicampbell.org.uk)
Date: Mon Sep 20 2004 - 14:04:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bart.Lansingkohls.com wrote:
> Face it, people who can break security are valuable to
> those trying to create it.
I would agree with you if this guy had discovered the LSASS
vulnerability himself. But if I remember correctly, it was discovered by
those clever people at eeye. Now I don't consider myself to be the
ultimate coder - the minutae of the Linux do_brk exploit, for example,
went way over my head - but I reckon I could have written Sasser given
the details of the vulnerability. Writing a worm for a known exploit
isn't rocket science.
So yes, I think this is a slap in the face to decent, law abiding
programmers everywhere, particularly those who don't have a job.
Ali
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]