Sasser Authors last fling

[steve.milner]

Originally posted here by .:front2back:.
Then what language to the "Skiddies speak?
f2b:.

Dunno about the language, but they certainly talk a lot of ****!

[foxyloxley]

I've just read this:
http://www.pcpro.co.uk/?news/news_story.php?id=63360

It HAD to happen, just didn't think it would be so soon ..............

Sasser author finds gainful employment
[PC Pro] 13:37

The 18 year old accused of unleashing the Sasser worm on the world has been hired by a security firm.
In a fine example of poacher turning gamekeeper, Sven Jaschan, who caused chaos in the world's computer systems earlier this year has been hired by northern German outfit Securepoint with a view to train him up to be a security software coder. The company said, in a masterpiece of teutonic understatement, that young Sven 'has a certain know-how in this field.'

Others in the security business are less than impressed fearing that many young coders will now consider it a plus to have the authorship of a damaging virus on their CV.

[MrLinus]

I don't think I'd want to do business with them given his "ethics". Seriously, how would a client know if he puts something into the software that is being sold/written for them. In addition, I thought the Sasser author had questionable coding skills (could have sworn that was what some of the AV companies had said).

[therenegade]

/me sees a whole bunch of worm writers gearing up...hell,if it's going to get them assured jobs...anyone foresee worm writing courses?sheesh...

[MrLinus]

Well there is an existing virus course at the University of Calgary. The question is: are the ethics taught good enough? (I believe they are and the requirements are quite strict to get into this course).

[foxyloxley]

Well there is an existing virus course at the University of Calgary.

Could you possibly list a few of the requirements ?
And what you believe to be 'good' ethics ?

I'm curious as hell about a degree course in 'mayhem' for want of a better descriptive ........

I would assume that the end result is a person who is fully aware of virology [sp] and the implications of their release into the wild.

[Tiger Shark]

Ms. M:

I'm pretty sure it was Sasser that I read about the initial assessment of the code when it hit and someone said that he was surprised the author got the code to run.......

[MrLinus]

IIRC, you had to get approval from the Dean and the Department to take the course. They have removed some of the details of it in it's present listing it appears. The idea of good ethics is that you understand that what you write stays in the lab and is never to go out. Neither is it be malicious when experimenting with it in the lab (e.g., destroys a classmates setup). It's similar to the wargames that I use in my class to teach students the basics of security. If you understand how the "bad guys" think, then it may get easier to defend against them.

It's a form of profiling, for lack of a better description. But the ethics is knowing where the line is and when you've crossed it.

[Tiger Shark]

But the ethics is knowing where the line is and when you've crossed it.

.... and how to blame it on your classmate if you do......

[foxyloxley]

someone said that he was surprised the author got the code to run.......

This could be part of the phenomenon where the author is not aware of how hard things are, and just accepts the results as they come.

A little knowledge MAY be a dangerous thing.

But NO knowledge can sometimes be a safe haven ...........

[edit] MsM:

Just to say thank you for the response.
It makes things clearer, but still leaves the danger of a 'sleeper' getting through the checks, which in turn would make for a far more dangerous author .......

I realise that you have to draw the line somewhere, just glad that I'm not good enough to be trusted with decisions like that. [/edit]