OT: XP SP2 security hole

Bill Vermillion fp at wjv.com
Sat Oct 2 17:09:48 PDT 2004


Fairlight, the prominent pundit, on Sat, Oct 02 14:07  while half 
mumbling half-witicized: 

> On Sat, Oct 02, 2004 at 09:03:02AM -0400, after drawing runes in goat's blood,
> Bill Vermillion cast forth these immortal, mystical words:

[Snippity doo dah - snippity de-ay - wvj]

> > And I'd sooner trust accounting to a known embezzler than an
> > unknown one.  The former will know you are watching them. :-)

> Set a crook to catch a crook?  I've heard that argument before.

I didn't say that nor did I mean to imply that.  If the known
embezzler had paid their dues [jail time most probably] that
doesn't mean they aren't a good accountant.  And since they are
known to have had problems in the past if they want to go straight
this is an opportunity.  But you'd have checks and balances.

> You read about the brouhaha in the last week or two about the
> Sasser/Netsky author being hired by a German AV firm, I trust?
> Nobody in the security community is taking that very well, and
> with good reason IMHO. It's ironic, as he still hasn't been
> sentenced, last I read/heard.

It depends upon what that person does at that firm.  He could be
like a safe-cracker hired by a safe company to see if he could
break into their safes.  And of course none of the details would be
given to him.

If the Sasser/Netsky author is given a job by a security firm
they could have him working on finding holes in existing software
and/or testing their AV product.  They don't have to let him author
the code.

As the old saying goes "No one is completely worthless.  They can
at least serve as a bad example".

Bill
-- 
Bill Vermillion - bv @ wjv . com

