Anders B Jansson wrote:No, it's not an interpretation, it caused havoc, that's a fact.And stop this silly mumbling about Sasser being created as warning or heads up.That's your *interpretation*, not what I said. And this interpretation is *wrong*.
If it had been designed as a a warning, it would have provided a warning, instead of spreading out of control and crashing machines.
Sasser was created to create havoc, nothing else.ACK. But only unpatched computers were vulnerable - we had no problems here 'cause we've already patched our machines. So, our network was not violated and we had time for more important things then solving problems caused by a worm that could spread because of unpatched computers.
Well good for you, and actually good for us, we had 50.0000+ computers patched in time, and the few we missed was a minor nuisance.
It doesn't change the fact that releasing the worm was a criminal act and the person who did should face the consequences if his/her actions.
Which leads back to the ever repeating:
Using a bad lock might be a moronic act, but breaking the bad lock is, and will always be, a criminal act.
The Sasser author didn't find a vulnerability, nor did he/she report it, he/she wrote a worm to exploit it, nothing else,
And that's a criminal act, and hopefully he/she will get a stiff sentence.
// hdw
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
