Reward for Virus Writer

Discussion in 'MCSE' started by Slarty Bartfast, Sep 22, 2004.

  1. This Stinks.


    A young German man believed to be responsible for writing 70 per cent of all
    computer viruses received in the first half of this year has been given a
    job in IT security.

    Sven Jaschan, 18, faces up to five years in prison for writing and spreading
    the Sasser and Netsky worms, said to have cost businesses around the world
    millions of dollars.

    Jaschan started a full-time job as a trainee programmer at German firewall
    company Securepoint at the start of the month.

    Lutz Hausmann, technical director at Securepoint, said: "My company has no
    problem with him. He has been inaccurately portrayed in the media.

    "He is just a normal kid who made mistakes and he will be sentenced for
    them. He has had death threats and his father has lost his job because of
    this. That is not right."

    However, some IT professionals say that his employment could be seen as a
    reward for his actions and encourage others to write viruses.


    --

    Regards,

    Slarty Bartfast
    Slarty Bartfast, Sep 22, 2004
    #1
    1. Advertising

  2. Slarty Bartfast

    JaR Guest

    In microsoft.public.cert.exam.mcse, Slarty Bartfast climbed on a soapbox
    & opined:

    > This Stinks.
    >
    >
    > A young German man <outrageous article snipped>
    > However, some IT professionals say that his employment could be seen
    > as a reward for his actions and encourage others to write viruses.
    >
    >


    I saw this. Securepoint should be boycotted for hiring him. They think that
    it will be good publicity for the company. I hope to heck it backfires on
    them.

    Virus writers should be forced to experience one of Doom's tools, not
    rewarded.

    JaR
    Pissed Pre-President
    JaR, Sep 23, 2004
    #2
    1. Advertising

  3. personaly i think they did a good thing hiring him ! because if they hired
    people as good as he is, i dont think we would have as much problems with
    virus's and worm's as we do now.
    most company's hire employes because they have a degree and a high GPA.
    its good to have that but it is not what they should look for!


    "Slarty Bartfast" wrote:

    > This Stinks.
    >
    >
    > A young German man believed to be responsible for writing 70 per cent of all
    > computer viruses received in the first half of this year has been given a
    > job in IT security.
    >
    > Sven Jaschan, 18, faces up to five years in prison for writing and spreading
    > the Sasser and Netsky worms, said to have cost businesses around the world
    > millions of dollars.
    >
    > Jaschan started a full-time job as a trainee programmer at German firewall
    > company Securepoint at the start of the month.
    >
    > Lutz Hausmann, technical director at Securepoint, said: "My company has no
    > problem with him. He has been inaccurately portrayed in the media.
    >
    > "He is just a normal kid who made mistakes and he will be sentenced for
    > them. He has had death threats and his father has lost his job because of
    > this. That is not right."
    >
    > However, some IT professionals say that his employment could be seen as a
    > reward for his actions and encourage others to write viruses.
    >
    >
    > --
    >
    > Regards,
    >
    > Slarty Bartfast
    >
    >
    >
    =?Utf-8?B?TWF0cmF4?=, Sep 23, 2004
    #3
  4. circa Wed, 22 Sep 2004 16:05:32 -0700, in
    microsoft.public.cert.exam.mcse, JaR ()
    said,
    > In microsoft.public.cert.exam.mcse, Slarty Bartfast climbed on a soapbox
    > & opined:
    >
    > > This Stinks.
    > >
    > >
    > > A young German man <outrageous article snipped>
    > > However, some IT professionals say that his employment could be seen
    > > as a reward for his actions and encourage others to write viruses.
    > >
    > >

    >
    > I saw this. Securepoint should be boycotted for hiring him. They think that
    > it will be good publicity for the company. I hope to heck it backfires on
    > them.
    >
    > Virus writers should be forced to experience one of Doom's tools, not
    > rewarded.
    >
    > JaR
    > Pissed Pre-President
    >

    Seconded.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #4
  5. circa Wed, 22 Sep 2004 17:39:04 -0700, in
    microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    () said,
    > personaly i think they did a good thing hiring him ! because if they hired
    > people as good as he is, i dont think we would have as much problems with
    > virus's and worm's as we do now.
    > most company's hire employes because they have a degree and a high GPA.
    > its good to have that but it is not what they should look for!
    >

    There is a he11uva difference between being *capable* of writing a
    virus and actually releasing one into the wild. For ethical, skilled
    people, the challenge is not just in finding the exploit, but in
    fixing it. Writing a virus is not fixing anything.

    I know very, very talented people on both sides of the fence. I'd
    rather have people like David Litchfield working for me than people
    like Sven Jaschan.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #5
  6. fixing the exploit is not the issue! you need to be able to find exploits to
    fix them




    "Laura A. Robinson" wrote:

    > circa Wed, 22 Sep 2004 17:39:04 -0700, in
    > microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    > () said,
    > > personaly i think they did a good thing hiring him ! because if they hired
    > > people as good as he is, i dont think we would have as much problems with
    > > virus's and worm's as we do now.
    > > most company's hire employes because they have a degree and a high GPA.
    > > its good to have that but it is not what they should look for!
    > >

    > There is a he11uva difference between being *capable* of writing a
    > virus and actually releasing one into the wild. For ethical, skilled
    > people, the challenge is not just in finding the exploit, but in
    > fixing it. Writing a virus is not fixing anything.
    >
    > I know very, very talented people on both sides of the fence. I'd
    > rather have people like David Litchfield working for me than people
    > like Sven Jaschan.
    >
    > Laura
    > --
    > Experience is the name every one gives to their mistakes.
    > -Oscar Wilde
    >
    =?Utf-8?B?TWF0cmF4?=, Sep 23, 2004
    #6
  7. Slarty Bartfast

    Neil Guest

    babbling on and on again Laura A. Robinson
    <> spewed in
    news::

    > circa Wed, 22 Sep 2004 16:05:32 -0700, in
    > microsoft.public.cert.exam.mcse, JaR ()
    > said,
    >> In microsoft.public.cert.exam.mcse, Slarty Bartfast climbed on a
    >> soapbox & opined:
    >>
    >> > This Stinks.
    >> >
    >> >
    >> > A young German man <outrageous article snipped>
    >> > However, some IT professionals say that his employment could be
    >> > seen as a reward for his actions and encourage others to write
    >> > viruses.
    >> >
    >> >

    >>
    >> I saw this. Securepoint should be boycotted for hiring him. They
    >> think that it will be good publicity for the company. I hope to heck
    >> it backfires on them.
    >>
    >> Virus writers should be forced to experience one of Doom's tools, not
    >> rewarded.
    >>
    >> JaR
    >> Pissed Pre-President
    >>

    > Seconded.
    >
    > Laura


    yup, I'll agree with that...show him the emasculator...

    --
    Neil MCNGP #30
    the "curious" hair on the soap of society
    Neil, Sep 23, 2004
    #7
  8. circa Wed, 22 Sep 2004 18:29:02 -0700, in
    microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    () said,
    > fixing the exploit is not the issue! you need to be able to find exploits to
    > fix them
    >

    Do you have reading difficulty?

    "For ethical, skilled people, the challenge is not just in finding
    the exploit, but in fixing it."

    Duh.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #8
  9. Slarty Bartfast

    Rowdy Yates Guest

    Laura A. Robinson <> wrote in
    news::

    > There is a he11uva difference between being *capable* of writing a
    > virus and actually releasing one into the wild. For ethical, skilled
    > people, the challenge is not just in finding the exploit, but in
    > fixing it. Writing a virus is not fixing anything.
    >
    > I know very, very talented people on both sides of the fence. I'd
    > rather have people like David Litchfield working for me than people
    > like Sven Jaschan.
    >
    > Laura


    i am actually very surprised that they hired Sven. i remember looking at
    this FBI report a while back (it's publicly avaible!) where they surveyed
    some top firms and one of the q's covered was ; if they would consider
    hiring a black hatter and it was a unanimous ---> "NO". the respondents
    looked upon it almost the same as hiring a convicted criminal.

    if i put myself into a similar "plausable" scenario. if my bosses came to
    me and said we have this great personable and intelligent guy thats
    really good with networks and we are are going to hire him to work with
    you in your office - but, he is a convicted thief - he went to prison for
    stealing computers - but he is all over with that now. are you kidding
    me?!! i would be kicking and screaming no fuggin' way!!

    i guess Sven "might" have a unique and much needed skill set - but i dont
    see how he is any more suited for this job than lets say some experienced
    virus analyst at SANS or F-Secure.

    --
    Rowdy Yates, MCNGP #39
    http://rowdy_yates2.tripod.com/
    "If it doesn't sleep, doesn't eat, doesn't take piss breaks and plays
    poker 24 hours a day - it's a bot!"
    Rowdy Yates, Sep 23, 2004
    #9
  10. i am not trying to be disrespectful, but Laura have you ever written virus or
    a worm !?
    because if you had experienced how it is done i can tell you that there is
    almost no difference exploiting an exploit and fixing it.

    Rowdy you said ''he went to prison for stealing computers'' i really dont
    see it that way, Sven Jaschan gave the world a wakup call ''hello people
    there is still alot of work to do to make the world a more secure place"

    Sven Jaschan maby did it the wrong way but you need to remember that he is
    a teenager,i am sure he was trhinking (if he can make a difference with his
    own hands why not do it ?!)
    insted of letting microsoft know about it


    "Laura A. Robinson" wrote:

    > circa Wed, 22 Sep 2004 18:29:02 -0700, in
    > microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    > () said,
    > > fixing the exploit is not the issue! you need to be able to find exploits to
    > > fix them
    > >

    > Do you have reading difficulty?
    >
    > "For ethical, skilled people, the challenge is not just in finding
    > the exploit, but in fixing it."
    >
    > Duh.
    >
    > Laura
    > --
    > Experience is the name every one gives to their mistakes.
    > -Oscar Wilde
    >
    =?Utf-8?B?TWF0cmF4?=, Sep 23, 2004
    #10
  11. Slarty Bartfast

    Rowdy Yates Guest

    =?Utf-8?B?TWF0cmF4?= <> wrote in
    news::

    > i am not trying to be disrespectful, but Laura have you ever written
    > virus or a worm !?
    > because if you had experienced how it is done i can tell you that
    > there is almost no difference exploiting an exploit and fixing it.
    >
    > Rowdy you said ''he went to prison for stealing computers'' i really
    > dont see it that way, Sven Jaschan gave the world a wakup call ''hello
    > people there is still alot of work to do to make the world a more
    > secure place"
    >
    > Sven Jaschan maby did it the wrong way but you need to remember that
    > he is
    > a teenager,i am sure he was trhinking (if he can make a difference
    > with his own hands why not do it ?!)
    > insted of letting microsoft know about it
    >


    words of wizdom from mr. anonymous.

    --
    Rowdy Yates, MCNGP #39
    http://rowdy_yates2.tripod.com/
    http://profiles.yahoo.com/rowdy_yates_mcngp
    Rowdy Yates, Sep 23, 2004
    #11
  12. Slarty Bartfast

    Rowdy Yates Guest

    =?Utf-8?B?TWF0cmF4?= <> wrote in
    i was gonna digress - but What the HELL...

    news::

    > Rowdy you said ''he went to prison for stealing computers'' i really
    > dont see it that way, Sven Jaschan gave the world a wakup call ''hello
    > people there is still alot of work to do to make the world a more
    > secure place"


    How in gods name does a "virus" make your world a "more secure place"?
    Businesses are spending huge amounts of money on SPAM prevention and
    virus prevention. Here's a wakeup call hacker boy, are you young and want
    to break into IT? the money we spend on security could be re-directed to
    the HR budget and give your sorry a$$ a junior IT job so you don't have
    to scrape together a miserable existence getting bum fusked by a moron
    shift manager on a power trip at the Burger King burger flipper job you
    currently work at.

    > Sven Jaschan maby did it the wrong way but you need to remember that
    > he is
    > a teenager,i am sure he was trhinking (if he can make a difference
    > with his own hands why not do it ?!)
    > insted of letting microsoft know about it


    And what difference did he make? Did he save a lives? Did he improve
    something?

    your computer is a tool. it eases your life a little by sparing you of
    doing some extremely boring and mundane tasks in life. this idiot added a
    major pain in the ass element to the whole process. nothing is "more
    secure". it's slower. it's more cumbersome. it's more system recource
    hungry.

    Your argument is also as pathetic as saying Osama and 9-11 made the world
    a safer place. did it? how so?

    --
    Rowdy Yates, MCNGP #39
    http://rowdy_yates2.tripod.com/
    http://profiles.yahoo.com/rowdy_yates_mcngp
    Rowdy Yates, Sep 23, 2004
    #12
  13. Slarty Bartfast

    BrianS Guest

    Sven exploited an exploit he did not find it - big difference. This
    particular exploit was found long before Sven came along. If Sven is so
    good why was he hired as a trainee?

    "Matrax" <> wrote in message
    news:...
    > fixing the exploit is not the issue! you need to be able to find exploits
    > to
    > fix them
    >
    >
    >
    >
    > "Laura A. Robinson" wrote:
    >
    >> circa Wed, 22 Sep 2004 17:39:04 -0700, in
    >> microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    >> () said,
    >> > personaly i think they did a good thing hiring him ! because if they
    >> > hired
    >> > people as good as he is, i dont think we would have as much problems
    >> > with
    >> > virus's and worm's as we do now.
    >> > most company's hire employes because they have a degree and a high GPA.
    >> > its good to have that but it is not what they should look for!
    >> >

    >> There is a he11uva difference between being *capable* of writing a
    >> virus and actually releasing one into the wild. For ethical, skilled
    >> people, the challenge is not just in finding the exploit, but in
    >> fixing it. Writing a virus is not fixing anything.
    >>
    >> I know very, very talented people on both sides of the fence. I'd
    >> rather have people like David Litchfield working for me than people
    >> like Sven Jaschan.
    >>
    >> Laura
    >> --
    >> Experience is the name every one gives to their mistakes.
    >> -Oscar Wilde
    >>
    BrianS, Sep 23, 2004
    #13
  14. circa Wed, 22 Sep 2004 20:25:05 -0700, in
    microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    () said,
    > because if you had experienced how it is done i can tell you that there is
    > almost no difference exploiting an exploit and fixing it.
    >

    "For ethical, skilled people, the challenge is not just in finding
    the exploit, but in fixing it."

    Not because of any "difference" in the skill required- the DIFFERENCE
    is that the ethical person wants to get a fix written and published
    *before* the exploit is seen in the wild and does what s/he can to
    facilitate that.

    Clearly you're not understanding me, so let's just drop it.

    Laura
    --
    The optimist thinks this is the best of all possible worlds. The
    pessimist fears it is true.
    -Robert Oppenheimer
    Laura A. Robinson, Sep 23, 2004
    #14
  15. circa Wed, 22 Sep 2004 20:25:05 -0700, in
    microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    () said,
    > Sven Jaschan maby did it the wrong way but you need to remember that he is
    > a teenager,i am sure he was trhinking (if he can make a difference with his
    > own hands why not do it ?!)
    > insted of letting microsoft know about it
    >
    >

    And that is EXACTLY what the problem is and why he is *not* what I
    consider ethical or well-meaning.

    <sigh>

    As I said, there is not much point in discussing this further because
    you don't seem to grok what I'm writing. However, the above statement
    is, IMO, ridiculous. First, there is no reason that a teenager can't
    have ethics. Second, had the fool actually notified Microsoft of the
    exploit (except, of course, for the fact that the LSASS flaw was
    already public and he didn't even discover it), he could have ended
    up with a job *without* the jail time, *without* getting his father
    fired, *without* bringing death threats to his family, *without*
    disrupting Internet traffic, *without* costing businesses millions of
    dollars, and *without* conducting himself as an utter idiot.

    And as far as your "wake up call", sorry, but "I love you" and
    Slammer beat this fool to it by a long shot. Everybody *knows* about
    the problems with the current state of the Internet. Even the
    greenest n00b knows at least conceptually what a virus/worm is in the
    world of computing. If there were fewer flitwits like Sven Jaschan
    wasting time producing destructive trash and more of them actually
    working to *fix* problems, then we would be in a much better place.

    And most of what I saw that he wrote was not particularly impressive,
    IIRC. It was derivative and based on a known exploit that had already
    been published and for which patches were already available. Gee, it
    just takes tons and tons of skill to exploit a flaw that has been
    announced publicly. It also relied on port 445 being open at the
    firewall and sucked at spreading itself. I think it took several
    versions before it was even able to propagate itself worth cr4p. Wow,
    there's some impressive work. Sven Jaschan relied on the fact that
    people don't patch their machines the way they should, and that's it.
    Heck, my workplace and home were utterly unaffected by Sven's toys.
    His assortment of vermin was the computing equivalent of him getting
    the flu and intentionally sneezing on people who'd not gotten flu
    shots.

    As I said, I'd rather hire people like David Litchfield than like
    this Sven idiot any day, since David and others like him (who shall
    remain anonymous for the purposes of this discussion) actually *find*
    the exploits rather than waiting for somebody else to tell them about
    it and then cobbling together some little script kiddie worm to use
    it. I've seen nothing to indicate that Sven Jaschan actually *found*
    the exploit himself. I remain unimpressed with his supposed skills
    and his ethics, and I think Securepoint is going to get just what
    they deserve- an overhyped script kiddie who'll probably rootkit
    their servers and hose their network when he gets pi$$ed off about
    actually having to work in a world where.

    I have nothing but respect for a really good ethical hacker (and
    let's just say that I know some of the best and leave it at that).
    However, I have no respect for somebody who sits around using
    somebody else's discovery to commit what is essentially a bunch of
    acts of pointless vandalism. If you're gonna hack, do it right, do it
    with a target, for a reason, with the intent of fixing rather than
    breaking and do it without choking the very infrastructure that
    you're using to get to your target. Oh, and don't get caught doing
    it. Again, DUH.

    The people who impress me are *so* much better than this twerp.

    Laura
    --
    I am not young enough to know everything.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #15
  16. circa Wed, 22 Sep 2004 22:06:22 -0700, in
    microsoft.public.cert.exam.mcse, BrianS ()
    said,
    > Sven exploited an exploit he did not find it - big difference. This
    > particular exploit was found long before Sven came along. If Sven is so
    > good why was he hired as a trainee?
    >

    <ding ding ding>

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #16
  17. circa Wed, 22 Sep 2004 19:45:06 -0700, in
    microsoft.public.cert.exam.mcse, Rowdy Yates
    () said,
    > i guess Sven "might" have a unique and much needed skill set -
    >

    No he doesn't. He's a script kiddie. He's just a high profile script
    kiddie who just bought Securepoint a bunch of cheap publicity. That's
    it.

    How many people had even heard of Securepoint before this?

    Mission accomplished.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #17
  18. circa Thu, 23 Sep 2004 02:32:09 -0400, in
    microsoft.public.cert.exam.mcse, Laura A. Robinson
    () said,
    > he gets pi$$ed off about
    > actually having to work in a world where.

    ethics matter.

    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #18
  19. Slarty Bartfast

    JC Guest

    Hi Sven!



    >-----Original Message-----
    >i am not trying to be disrespectful, but Laura have you

    ever written virus or
    >a worm !?
    >because if you had experienced how it is done i can tell

    you that there is
    >almost no difference exploiting an exploit and fixing it.
    >
    >Rowdy you said ''he went to prison for stealing

    computers'' i really dont
    >see it that way, Sven Jaschan gave the world a wakup

    call ''hello people
    >there is still alot of work to do to make the world a

    more secure place"
    >
    > Sven Jaschan maby did it the wrong way but you need to

    remember that he is
    >a teenager,i am sure he was trhinking (if he can make a

    difference with his
    >own hands why not do it ?!)
    >insted of letting microsoft know about it
    >
    >
    >"Laura A. Robinson" wrote:
    >
    >> circa Wed, 22 Sep 2004 18:29:02 -0700, in
    >> microsoft.public.cert.exam.mcse, =?Utf-8?B?TWF0cmF4?=
    >> () said,
    >> > fixing the exploit is not the issue! you need to be

    able to find exploits to
    >> > fix them
    >> >

    >> Do you have reading difficulty?
    >>
    >> "For ethical, skilled people, the challenge is not

    just in finding
    >> the exploit, but in fixing it."
    >>
    >> Duh.
    >>
    >> Laura
    >> --
    >> Experience is the name every one gives to their

    mistakes.
    >> -Oscar Wilde
    >>

    >.
    >
    JC, Sep 23, 2004
    #19
  20. circa Thu, 23 Sep 2004 00:46:28 -0700, in
    microsoft.public.cert.exam.mcse, JC () said,
    > Hi Sven!
    >

    Heh. I was thinking something similar. <G>

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
    Laura A. Robinson, Sep 23, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. zebu

    Replacing CD writer with DVD writer

    zebu, Apr 11, 2004, in forum: Computer Support
    Replies:
    5
    Views:
    2,532
    Eugene Solot
    Apr 12, 2004
  2. Gareth not NLL or anybody else.

    CD writer and Dvd writer problem

    Gareth not NLL or anybody else., Apr 28, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    638
    Gareth not NLL or anybody else.
    Apr 28, 2004
  3. reachinout
    Replies:
    1
    Views:
    582
    °Mike°
    Sep 20, 2004
  4. Replies:
    3
    Views:
    1,114
    AZ Nomad
    Mar 31, 2006
  5. Giuen
    Replies:
    0
    Views:
    836
    Giuen
    Sep 12, 2008
Loading...

Share This Page