Feher Tamas <[EMAIL PROTECTED]> writes: > The german IT security company "Securepoint" has hired Sven > Jaschan, who wrote and spread the Sasser Internet worm, > which caused widespread and costly damages to legions of > Windows computers.
I don't know about the names of the company and the alleged Sasser worm author, but local media reported (without names) the Sasser author was hired as apprentice while awaiting his trial. > This is a scandal! Whether or not you like the 250k USD > head-hunting bounty which Microsoft Corp. paid to have Mr. > Jaschan nailed, he is still a criminal. In dubio pro reo, IOW, he isn't criminal until a pertinent conviction with a sufficiently high sentence has become final. Given his age, he's to be tried according to the penal code for adolescents, which emphasizes helping people back to act lawfully. What bothers me is that the firm who have hired him are reported to have stated that an eventual verdict will not have an influence on the worm author's apprenticeship, and the question of trust is also open yet. OTOH, it usually takes individuals and companies literally ages to patch up their systems, and it is inexcusable how many machines are _still_ infected with one old worm or another. > Hiring him is a taboo. It is totally unacceptable to picture him as a > modern age Robin Hood or freedom fighter. That's not how he'll be seen. He is somebody who needs to prove himself now. He has a 2nd chance and he can't expect mercy if he spoils it. > I urge all to boycott the Securepoint and I urge those who > suffered losses due to the Sasser worm to sue Securepoint > and seek damages. Unless you can prove Securepoint has had to do with the creation or spreading of the Sasser worm, that is utterly pointless no matter how deep in rage you are. If you're suing for damages, YOU are carrying the burden of proof, YOU must prove how Securepoint (or any other employer) has helped the worm development or spreading. If you can't, the court will reject the suit and chage the plaintiff the legal expenses. This shouldn't be too surprising. Sue the Sasser author instead, and don't forget to sue Microsoft who have delivered faulty software, the antivirus manufacturers who are still offering "warn sender" options, every lazybones who installed the MS patch too late and every idiot mail admin who still operates a software that sends delayed bounces rather than immediate reject in the SMTP transaction. You'll see how many of the suits will succeed in court. Not too many, I'd think because the proof is difficult. > VXing must end and we must send a strong Whatever VXing is, and... > message to teenagers that cracking is not hacking and will > not be tolerated. ...German jurisdiction will handle this, independent of the public opinion (German or abroad). -- Matthias Andree _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
