OT: XP SP2 security hole
Bill Vermillion
fp at wjv.com
Sat Oct 2 17:09:48 PDT 2004
Fairlight, the prominent pundit, on Sat, Oct 02 14:07 while half
mumbling half-witicized:
> On Sat, Oct 02, 2004 at 09:03:02AM -0400, after drawing runes in goat's blood,
> Bill Vermillion cast forth these immortal, mystical words:
[Snippity doo dah - snippity de-ay - wvj]
> > And I'd sooner trust accounting to a known embezzler than an
> > unknown one. The former will know you are watching them. :-)
> Set a crook to catch a crook? I've heard that argument before.
I didn't say that nor did I mean to imply that. If the known
embezzler had paid their dues [jail time most probably] that
doesn't mean they aren't a good accountant. And since they are
known to have had problems in the past if they want to go straight
this is an opportunity. But you'd have checks and balances.
> You read about the brouhaha in the last week or two about the
> Sasser/Netsky author being hired by a German AV firm, I trust?
> Nobody in the security community is taking that very well, and
> with good reason IMHO. It's ironic, as he still hasn't been
> sentenced, last I read/heard.
It depends upon what that person does at that firm. He cuold be
like a safe-cracker hired by a safe company to see if he could
break into their safes. And of course none of the details would be
given to him.
If the Sasser/Netsky author is given a job by a security firm
they could have him working on finding holes in existing sotware
and/or testing their AV product. They don't have to let him author
the code.
As the old saying goes "No one is completely worthless. They can
at least serve as a bad example".
Bill
--
Bill Vermillion - bv @ wjv . com
More information about the Filepro-list
mailing list