Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
From: Dries Robberechts (driesskybel.net)
Date: Wed Sep 22 2004 - 07:52:09 CDT
Dear 'van Helsing',
>The name Ron is very public in america, canada and some other english
>countries so I exspect you're from such a country...
We must be dealing with a mastermind here.
>Please imagine that the autor of Sasser is NO criminal in germany.
... it isn't hard to do?
>He didn't break any german law with the his worm.
That may be so.
>Just the fact that PCs reboot or wont work is something they try to
>judge him for.
No, the fact that the pc, or better, the group of pcs wasn't his.
>But even they try that: They'll fail.
Speaking in the future, when will who fail?
>Companies have to patch their systems so if a company get's infected by
>a worm it can't blame the autor because there's a LAW that companies
>have to secure their networks...
Feel free to share that LAW with us?
>I hope you can NOW imagine why he's no criminal and you're just another
>english-speaking idiot wich dosn't read any german law wich are also
>avaiable (translated in some languages) in english.
I ain't no 'english-speaking idiot' and I haven't read the german law
either. In fact, I doubt a lot of non-german people read it, as I can't
hardly imagine myself spending a nice day off reading german lawbooks.
I don't believe that is the point, though.
>In France it's criminal to write exploits.... w000...
>Ain't we all criminals?
>Remember L0th, Rhino9, 29a, Teso, THC... "criminals" are all around, or?
No 'we' are not all criminals, at least 'I' am not.
>So come down "Mr. Judgeman" and imagine that other countries have other
... it isn't hard to do?
>And a little example so that also you can understand it:
We are most grateful.
>You judge somebody for the things he did, ok. But you didn't judge the
>stupid administrators.It's like judging a guy who punshed you... it's
>ok. But you don't judge the policeman who was 2 Meters away?
>Or: You judge the robber but not the guy who dosn't closed the door of
>That's why he can't be judged and I hope he will be free.
The scope of the discussion is the guy being hired by that company.
Whether or not other people are legally guilty of whatever one can come
up with, I think is not. Ofcourse one can blame people for being stupid
enough to leave the door open and kindly inviting even the largest
newbie burglar to sneak in, but does that automatically sets him free?
You started drawing the analogy with IT Security, so let me go along
that away. Do you consider a person guilty of not having the necessary
security when his server is broken into? You can blame someone for being
stupid, but the burglar still remains the one who broke in. You can
however legaly blame someone when because of the intrusion 3th party
material has been stolen, which was kept under the responsibility of the
guy owning the server.
The question is not necessarily a legal one, but also a business one. It
might be very accepted in the country he resides in, but what if the
product he's working one will be sold in computer shops in the country I
am residing in? Is it a good business plan to hire him, apart from
anything else that counts.
>And now come down and remember the good old times of Kevin Mitnick
>(another criminal, am I right?).
>And I hope that even our english speaking readers wont comment this
>topic anymore and close it. Otherwise we can start talking about politic
>and the criminal who's the president of the USA.
So you want to have the last word, which is quite polite. This is fd, as
long as they stick to the topic, people may respond. Moreover, you want
this to end by going political. Where did you say you were from, Mr...?
Full-Disclosure - We believe in it.