Full Disclosure mailing list archives
Re: Scandal: IT Security firm hires the author of Sasser worm
From: Matthias Andree <matthias.andree () gmx de>
Date: Mon, 20 Sep 2004 23:06:11 +0200
Feher Tamas <etomcat () freemail hu> writes:
The german IT security company "Securepoint" has hired Sven Jaschan, who wrote and spread the Sasser Internet worm, which caused widespread and costly damages to legions of Windows computers.
I don't know about the names of the company and the alleged Sasser worm author, but local media reported (without names) the Sasser author was hired as apprentice while awaiting his trial.
This is a scandal! Whether or not you like the 250k USD head-hunting bounty which Microsoft Corp. paid to have Mr. Jaschan nailed, he is still a criminal.
In dubio pro reo, IOW, he isn't criminal until a pertinent conviction with a sufficiently high sentence has become final. Given his age, he's to be tried according to the penal code for adolescents, which emphasizes helping people back to act lawfully. What bothers me is that the firm who have hired him are reported to have stated that an eventual verdict will not have an influence on the worm author's apprenticeship, and the question of trust is also open yet. OTOH, it usually takes individuals and companies literally ages to patch up their systems, and it is inexcusable how many machines are _still_ infected with one old worm or another.
Hiring him is a taboo. It is totally unacceptable to picture him as a modern age Robin Hood or freedom fighter.
That's not how he'll be seen. He is somebody who needs to prove himself now. He has a 2nd chance and he can't expect mercy if he spoils it.
I urge all to boycott the Securepoint and I urge those who suffered losses due to the Sasser worm to sue Securepoint and seek damages.
Unless you can prove Securepoint has had to do with the creation or spreading of the Sasser worm, that is utterly pointless no matter how deep in rage you are. If you're suing for damages, YOU are carrying the burden of proof, YOU must prove how Securepoint (or any other employer) has helped the worm development or spreading. If you can't, the court will reject the suit and chage the plaintiff the legal expenses. This shouldn't be too surprising. Sue the Sasser author instead, and don't forget to sue Microsoft who have delivered faulty software, the antivirus manufacturers who are still offering "warn sender" options, every lazybones who installed the MS patch too late and every idiot mail admin who still operates a software that sends delayed bounces rather than immediate reject in the SMTP transaction. You'll see how many of the suits will succeed in court. Not too many, I'd think because the proof is difficult.
VXing must end and we must send a strong
Whatever VXing is, and...
message to teenagers that cracking is not hacking and will not be tolerated.
...German jurisdiction will handle this, independent of the public opinion (German or abroad). -- Matthias Andree _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Scandal: IT Security firm hires the author of Sasser worm, (continued)
- Re: Scandal: IT Security firm hires the author of Sasser worm Gregory A. Gilliss (Sep 20)
- Re: IT Security firm hires the author of Sasser worm Peter Bruderer (Sep 21)
- Re: Re: IT Security firm hires the author of Sasser worm -just a thought- Frank de Wit (Sep 21)
- Re: Scandal: IT Security firm hires the author of Sasser worm VX Dude (Sep 21)
- Re: Scandal: IT Security firm hires the author of Sasser worm Ron DuFresne (Sep 21)
- Re: Scandal: IT Security firm hires the author of Sasser worm van Helsing (Sep 22)
- Re: Scandal: IT Security firm hires the author of Sasser worm Dries Robberechts (Sep 22)
- Re: Scandal: IT Security firm hires the author of Sasser worm Ron DuFresne (Sep 22)
- Re: Scandal: IT Security firm hires the author of Sasser worm Barrie Dempster (Sep 22)
- Re: Scandal: IT Security firm hires the author of Sasser worm Ron DuFresne (Sep 22)
- Re: IT Security firm hires the author of Sasser worm Peter Bruderer (Sep 21)
- Re: Scandal: IT Security firm hires the author of Sasser worm Gregory A. Gilliss (Sep 20)
- RE: Scandal: IT Security firm hires the author of Sasser worm Jonathan Rickman (Sep 20)
- RE: Scandal: IT Security firm hires... Harlan Carvey (Sep 20)
- RE: Scandal: IT Security firm hires the author of Sasser worm Michael Simpson (Sep 20)
- Re: Scandal: IT Security firm hires the author of Sasser worm Samir Kelekar (Sep 20)
- RE: Scandal: IT Security firm hires the author of Sasser worm Fred Newtz (Sep 20)
- RE: Scandal: IT Security firm hires the author of Sasser worm Paul Schmehl (Sep 20)
- Re: Scandal: IT Security firm hires the author of Sasser worm Jack Repenning (Sep 20)