Full Disclosure mailing list archives
RE: New therad: sasser, costs, support etcalltogether
From: "Scott Forrest" <sforrest () hsdwdc com>
Date: Mon, 17 May 2004 10:39:23 -0400
Irregardless of blame in relation to Point #1, the matter is moot. If not for the "holes" in all Software there would be a lot less need for IT staff and network support - namely us. I applaud their attempts to get it right and am thrilled that they don't. Their mistakes provide more jobs than Bush tax cuts ever have or will. :) Scott Forrest IT Manager Hobbs, Straus, Dean & Walker, LLP 2120 L St. NW - Suite 700 Washington, D.C. 20037 202.822.8282 ext.326 sforrest () hsdwdc com "Not one shred of evidence supports the notion that life is serious." "Only those who attempt the absurd can achieve the impossible." "Those who would trade liberty for security deserve neither." - Benjamin Franklin -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Chris Locke Sent: Friday, May 14, 2004 2:53 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] New therad: sasser, costs, support etcalltogether I agree highly with point's 2 and 3 but not so much with point 1. If MS is wrong by releasing buggy software then so is Sun, Ibm, Cisco, Every Linux vendor....hell anybody who has ever written a piece of software. Now I am not trying to flame, and I am not a MS fan at all but lataly I have been getting sick of all the finger pointing being done to them. Did everybody flame Linus over all the Linux kernel vulnerabilities over the last few months? fuck no... Everybody has there opinions on each of the os's and I respect all of you, but let's be reasonable about it. MS patched the vulnerability before it was exploited. What the fuck else do we want? Bill Gates to personally fly out and patch our systems for us? Sorry for the rant guys... Chris Locke http://stageofbattle.org On Fri, 2004-05-14 at 10:27, Radule Soskic wrote:
I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep
the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses
occur in time/money spent to remove the worms from the systems
affected.
It is obvious that almost every legal system in the world treats #3 as
crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -------------------------------------------------------------------------------- Hobbs, Straus, Dean and Walker, LLP. Confidentiality Statement This message is intended only for the use of the individuals to which this e-mail is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable laws. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately and delete this e-mail from both your "mailbox" and your "trash." Thank you. -------------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: New therad: sasser, costs, support etcalltogether Scott Forrest (May 17)
- <Possible follow-ups>
- RE: New therad: sasser, costs, support etcalltogether id3nt (May 17)
- RE: New therad: sasser, costs, support etcalltogether Michael Gargiullo (May 17)
- RE: New therad: sasser, costs, support etcalltogether Gary E. Miller (May 17)
- RE: New therad: sasser, costs, support etcalltogether Ron DuFresne (May 17)
- RE: New therad: sasser, costs, support etcalltogether Michael Gargiullo (May 17)
- RE: New therad: sasser, costs, support etcalltogether Michael Gargiullo (May 17)
- RE: New therad: sasser, costs, support etcalltogether madsaxon (May 17)