Blaster Writer Caught 1157
Henry V .009 writes "The FBI will be arresting an 18 year-old in connection with MS Blaster, reports The Washington Post." According to the article, the teen was witnessed testing the worm, and then turned in by a bystander. It's also worth noting that this is merely one of the Blaster variations. Hope whoever it was had fun, because a world of pain is waiting in store now.
Passer by? (Score:5, Insightful)
The average person wouldn't have a clue about what a developer was doing. There's no way someone can walk by and know that the guy was testing a virus.
Assuming this is true.... (Score:5, Insightful)
Re:A witness turned him in?!? (Score:5, Insightful)
Of course the witness was also last seen purchasing a shark tank and some laser beams...
Re:A witness turned him in?!? (Score:3, Insightful)
Almost certainly, "witnessed" here means bragged to, which frankly makes perfect sense for an 18 year old probably male, probably virgin programmer. Hey, if he's up all night reading /. he may yet beat the feds and run to Canada ;^)
Re:If (Score:2, Insightful)
He's innocent. (Score:5, Insightful)
Or have we forgotten how the system works?
Alleged writer. Innocent until proven guilty beyond all reasonable doubt.
Based on this report, the evidence so far is one witness of unknown competence. "Testing the infection"? I "tested the infection" yesterday by making sure that AVG can contain Blaster.
Oh, I'm sure that the FBI aren't (quite) dumb enough to announce this without doing some investigation, but the fact that they're announcing it as a fait accompli before they've even made the arrest indicates that this is a PR exercise.
But that's irrelevant speculation, because whatever their or my or your opinion on it, this guy is innocent... pause for breath... until proven guilty beyond all reasonable doubt. Let's drop the tabloid press pack mentality here.
Never attribute to conspiracy..... (Score:3, Insightful)
I guess this puts a finish to the "spammers are releasing viri into the wild" theories??
Re:relevant haiku (Score:5, Insightful)
a laughing matter. I think
you are all sick fucks
Re:A witness turned him in?!? (Score:2, Insightful)
testing them isn't a crime too
i think you have to release them to cause any damage
or is there some stupid new law that looks at viruses like bombs
is a virus now classified as a illegal weapon (of mass destruction)???
Re:writing viruses shouldnt be illegal (Score:4, Insightful)
I am pretty sure it isn't illegal. What is illegal is putting it on someone's computer or network without permission, intentionally spreading it (in an active form) or allowing it to spread itself across space one does not own.
Since a virus is nothing more than a computer program, it would be incredibly difficult to make writing one illegal without catching a lot of legitimate software in the same net.
eg - Under a literal interpretation of one of Britain's early "anti-virus/anti-trojan" statutes, Windows 95 would have qualified as a 70 megabyte trojan!
No blame for MS? (Score:5, Insightful)
Re:No blame for MS? (Score:2, Insightful)
Frankly I'm not sure if the kid deserves jail time or a medal for giving the world a wakeup call.
If an 18 year old script kiddie can bring the world to it's knees overnight, I think that speaks VOLUMES about what's REALLY WRONG with the software industry and the garden path it's leading us all down.
Thank you - If I had mod points, you == +1 (Score:5, Insightful)
Imagine if it were you in prison.
I have been incarcerated, and while I wasn't physically accosted (though I don't doubt that it may have happened if I'd been prescribed a longer stay), the sexual humiliation was probably the worst part of the experience. Prisoners have to shower. Together. And the jailors have seemingly no end of dick-jokes.
You have to disrobe before you get into the shower, obviously. You leave your prison garb in a "cubby" type lockeresque rack, and you hope that a) you remember which cubby you put your garb in and b) some joker doesn't forget such and take yours by accident.
After taking your clothes off, you have to pass by several guards before you get into the showers proper. And the guards utter sexually oriented insults to every inmate who walks past. "Hey smallcock." "How come you're so eager to get in the shower with a bunch of naked men?" "I bet all these guys want to have a big orgy!" "Today was grits and eggs for breakfast, but it must be sausage for dinner!" "Look at this, a whole shower full of little dicks!" etc. No, I'm not joking, the jailors really say this shit.
This was humiliating enough. I can't imagine the torture of actual prison rape. It happens, people, and it's very real. The things that go on in jail, most people (who, of course, have never been to jail) would not believe unless they witnessed it themselves. I hope that you don't have to, but at the same time, please have a modicum of respect for those of us who have been there, and those who are still there for whatever reason. I'm not asking you to have sympathy for people who have committed crimes; you do the crime, you do the time. But being a criminal does not mean you deserve sexual assault.
No aspect of prison is funny.
None.
Takes two to tango (Score:2, Insightful)
If I were to defend the virus writer: virii are often very clever and neat pieces of code. They usually show that someone has been wise enough to spot an exploit and demonstrate it. In some cases they only get out by mistake. Surely it's better to know about holes in software than hide from them? Virii practically do software vendors the service of testing their code - perhaps they should even be paid for it?!?!
I like that idea: virii could be seen as an overt way to force closed source software into improving? A kinda predatory unit test
Re:Will be arresting... (Score:2, Insightful)
----------
Re:how odd, not the situation here in UK (Score:2, Insightful)
Re:Seriously? Arrest Microsoft, Inc. (Score:1, Insightful)
Really ? Interesting.. That puts us at 1993, The Windows 3.11 for Workgroups era, if that. And to think that the earliest version of Windows this affects is Windows NT 4.0 - released around August 1996.
That makes it at best a ~7 year old vulnerability - still not a good track record, but if it's so easy to find out the proper numbers then why spread FUD by saying it was ~10 ?
Furthermore..
MS Blaster first surfaced on.. what.. August 12th, 2003 ? Something like that.
The patch that Microsoft had to fix the vulnerability was put available on.. oh.. July 16, 2003 ?
That's a day short of 4 weeks.
4 weeks for people to patch their systems.
4 weeks to close the ports involved.
4 weeks for *you* to inform everybody you know, if you're apparently so concerned with these things, who may not be on the ball with their own security concerns that they should really, really, really install the available patch.
And this is still more Microsoft's fault than it is admins'/users', how ?
Another possibility is that this is FUD. (Score:2, Insightful)
It could be that there isn't any 18 year old programmer, nor any witness either. It may be only a tactic to spread FUD among any potential future virus writers, so that they think "Hey! They've actually caught one virus writer. They could also catch me."
So... my particular conspiracy theory is that there's no one about to be caught, but that this FUD move would serve these purposes:
Re:Thank you - If I had mod points, you == +1 (Score:5, Insightful)
Re:Seriously? Arrest Microsoft, Inc. (Score:3, Insightful)
Or maybe, just maybe, it is possible for people to look at code and miss something, because it hasn't been tried before, isn't obvious, etc.
Give me a break I can list plenty of OSS applications that have had some doozy security holes discovered. This doesn't mean the developers or those that reviewed the code were neglegent, just that they did not manage to see the problem. It is hard to predict everything that can go wrong when you have, quite literally, an infinite amount of different kinds of bad, unexpected, data that can be sent to your program.
Re:A witness turned him in?!? (Score:4, Insightful)
Interesting (Score:4, Insightful)
Now of course this isn't seen as a reason to sue car makers because it is an unintended way of using your car. You aren't SUPPOSED to crash it, and if you are a good driver you won't unless another bad driver hits you. The things that concern people are when cars fail when they do nothing wrong, ie the Firestone tire thing, or when the kind of failure is out of perportion with the mistake, ie low speed collison leads to gas tank explosion.
Well, see, with computer security vunerabilites you are talking about people making unexpected use of your product. They are sending bad data to it, data it isn't designed to accept or work with. Somethimes this causes an unexpected result.
So as far as I'm concerned, the computer world already has BETTER safety than automobiles. People can do all sorts of nasty, unexpected things to my computer, and it will shrug them off as if it were nothing. Any time some problem IS discovered, I am given an update to fix it. This would be like driving around in a car that had unpickable locks, un breakable glass, would not damage you or itself when you hit a wall, etc. Then if it was discovered that, for example, a certian acid could melt your locks and let someone in, they'd send you new locks that were impervious to that.
Now of course software is virtual and so this can be done whereas it can't with a physical thing liek cars, but I'm not seeing any problems here. All security holes come from assholes trying to do things they shouldn't. I gaurentee if you setup a seperate physical trusted network with only users you know to not be hax0rs you will never find a system comprmised, even if they all remaing unpatched. It is only when you connect to the internet and every asshat is free to try and do all sorts of things they shouldn't are you in any danger.
Re:Punishment fit the crime... (Score:2, Insightful)
Re:Thank you - If I had mod points, you == +1 (Score:5, Insightful)
But being a criminal does not mean you deserve sexual assault.
I agree. I believe that this part of prison constitutes cruel and unusual punishment, and I believe that were I to be a prisoner and subjected to rape with a complicit guarding authority, I would sue on those grounds. Maybe that's unrealistic.
However, please have a modicum of respect for those of us who have been there does not help your argument. It is precisely this lack of respect that allows rapes such as you describe, and I think that arguing for respect for convicted criminals will not sway the minds of your audience. Better, I think, to pursue lines of prison rape as being extra-ordinary punishment, not bounded by our system of law.
Huh huh, he said penis... (Score:5, Insightful)
Granted, the dipshit _touched_ the virus code and released a variant (albeit an extremely unoriginal one)
It was probably about as difficult as hex-editing a file. Gee. 5 minutes of dicking around is going to get him a life long prison ass pounding. Way to go, Genius.
And of course the uninformed media is going to paint the dumb bastard to be THE msblast author. Can anyone say "Scapegoat?"
Re:No blame for MS? (Score:2, Insightful)
That darn insecure Smith & Wesson!
Re:Thank you - If I had mod points, you == +1 (Score:2, Insightful)
Re:A witness turned him in?!? (Score:3, Insightful)
Re:A network administrator? (Score:3, Insightful)
Wrong initial reaction...? (Score:5, Insightful)
OK, so the MS software makes worms and virus spreading relatively easy, due to activeX, executable mail attachments and bad security "out of the box" (open ports, exposed services such as RPC etc).
Still, if a motor manufacturer sold a mass market car without locks, windows or an alarm system, would anybody buy it?
The answer is, probably not. There's the issue of personal responsability to obtain a secure car. Same with software. Maybe it's all of those major businesses and misguided "CIOs" who keep buying Microsoft who ought to be arrested. Between them and the Microsoft execs, they've managed to create an environment which makes it easy for these bored young men to create worms.
Poor 18 year old guy. Why should he be arrested? After all, what's a script(kiddie) among friends?
Re:A witness turned him in?!? (Score:1, Insightful)
We all know who's really at fault here. (Score:4, Insightful)
Where it should read....
Microsoft was responsible for one of the worst computer security outbreaks of this year.
From the BBC article found here [bbc.co.uk]
Personally, the media is more focused on promoting the stereotype of the teenage kid who has go nothing better to do that 'hack' computer systems. The emphasis should be on why it was so easy for an amateur was able to write such a destructive program. Bottom line is that Microsoft writes bad software, and people need to know this. Obviously Microsoft isn't 100% responsible for this, but making a media scapegoat isn't going to solve the underlying problem. I don't feel sorry at all for the Maryland Department of Motor Vehicles. They deserved what happened to them, it was only through their own ignorance that it happened. People in today's society want to use computer, bur rarely take the time to learn and understand even the most basic principles of how they work. And what heppens is after that, they expect techies like us to take their shit.
Re:Thank you - If I had mod points, you == +1 (Score:5, Insightful)
A relevant link: Stop Prison Rape
http://www.spr.org/
As for the hostile jerks who said you had what was coming to you and deserve no sympathy, I really hope they get to spend a night in jail too. Let's see if they are so quick to condemn people after that.
Re:Seriously? Arrest Microsoft, Inc. (Score:2, Insightful)
Companies that don't want to spend a large amount of money on employees, but don't necessarily mind spending astronimcally on license fees for MegaCorpOS. It's easy to sell windows products to suits because they use windows at home. It's not easy to sell OSS solutions because they immediately associate it with Linux which isn't as expensive as commercial unix solutions and therefore bad.
I have noticed that it's much easier to sell people on OSS/Unix backend solutions that don't require any interaction. We're finally moving our MX off of exchange to sendmail. Sendmail on Solaris, but I wasn't here when they made their initial purchasing decisions.
Start charging the folks who deploy Microsoft for negligence.
I don't like using Microsoft anymore than the next devoted Linux fan, kernel changelog reader, and developer, but I did learn something from last week's virus explosion. After we were down all of Monday, I went to my manager and explained that all of this could have been prevented had we actually used some of the features of using Win2k (group policies, etc). He just shook his head and explained that we were told we couldn't push out updates because they may break installed applications. There are, after all, developers using these machines. *groans* We've since made our case to the appropriate people in charge and can now push out all the updates we want. Prior to sobig.f and msblast/welchia the netadmin department sent out copious e-mails, reminded everyone when they saw them, and even went so far as to put pieces of paper with instructions on the doors to break rooms, the office, etc. None of the end-users patched their machines. E-mails were ignored, pieces of paper all over the office warning about the DCOM exploit and instructions for patching were ignored. The problem is slightly larger than "Microsoft Sucks" IMHO.
How many "UNIX System Administrators" do you know that are running around with exploitable desktops/servers at home/work? Who patches everything they have the day that patches are released? Overall laziness is a much larger problem than Microsoft's inability to write a secure or stable product.
Re:Thank you - If I had mod points, you == +1 (Score:3, Insightful)
It's thinking like this that makes outfits like the Taliban possible. Crime went down in Afghanistan after they assumed control, after all. Do you really want to live in that kind of state?
Re:A witness turned him in?!? (Score:5, Insightful)
This seems to be the prevailing sentiment here and honestly, it's making you all look like a bunch of script kiddies, or at the very least script kiddie sympathizers.
Fact is this 18 year old "kid" (actually, adult in this country) committed a crime if he wrote this virus variant and distributed it. While he's still innocent until proven guilty, I fail to see how it's "sad" to get any virus writer - big or small - out of the virus writing business.
This is the way law enforcement works. You can't catch everybody who commits a crime, and if you don't show that you're actively enforcing the law, there will be more criminals. Study after study after study have shown this to be the absolute truth. Even if they don't catch the writer of the original Blaster, catching this guy and making an example out of him - as well as any other virus writers they no doubt will catch in the future - will act as something of a deterrent. You're all operating under the assumption that this guy is a small-fry writing viruses in his spare time - you think it's worth it to a guy like that to risk jail time? No, and this will cause others like him to think twice.
Obvious analogy - when there aren't any cops around, I see a lot of people run red lights. When there is a cop stationed at an intersection, I see nobody running red lights. Funny how that works.
And if his punishment is harsh, so what? If he's found guilty, he's a criminal. He deserves whatever he gets at that point. People need to take responsibility for their own actions and realize that their actions have consequences, both for the people they directly affect (ie. those infected by this variant of the Blaster virus) and for themselves. You'd think Slashdot readers would have a little more grasp of this concept than most (being open-source advocates), but it appears this may not be the case.
Prisoner rape is funny, ha ha (Score:4, Insightful)
Rape is immoral. Rape is inhuman. Rape is cruel and unusual punishment, and we have laws against that. I always find it entertaining how our entire prison establishment feels these laws are unimportant, and our culture thinks that jokes about young, weak, and sometimes innocent people getting forcibly sodomized is a fabulous thing to joke about. Wait, no, I don't find it entertaining. I find it makes me sick to my stomach.
It's also heartening to see every prison rape joke getting a +5, Funny. Thank you, moderators. Great way to get karma. Keep up the good work.
Help Stop Prisoner Rape [spr.org] by not treating it like a joke.
Re:A witness turned him in?!? (Score:3, Insightful)
On the other hand: its kind of like someone walking past a masacre, picking up the gun the culprit left and shooting everyone who still twitches.
MS/Terrorism/18yrold? (Score:2, Insightful)
Re:A witness turned him in?!? (Score:5, Insightful)
It's not a matter of whether he is guilty or not, but whether he is going to get a punishment that will fit the crime.
I wouldn't be surprised if the media makes this out into another Kevin Mitnick [kevinmitnick.com] scenario.
Re:One word: (Score:3, Insightful)
And he shouldn't. At 18 he knows the score for breaking the law. He also knows the damage this virus could cause.
People who say he's just a misunderstood child, or that he didn't really cause any harm are kind of kidding themselves. Millions were spent cleaning up this mess, and at 18 he may be childish; but he's not a child.
By all means, keep going after the bigger fish; but don't give this punk a pass just because he's 18. He knew what he was doing, and he knew the consequences. Now let him face them like a responsible adult.
What to do with this kid? (Score:5, Insightful)
1) Does this kid need to learn his lession in jail?
No, This kid is young. He's stupid. I'm sure he didn't do this realizing that he'd be headed to jail in a few months (if proven guilty). But what do you do with someone who's broken the law like this? Send him to Microsoft to learn how to fix bugs and become a programmer? Take him to the programmer who was responsible for the bug and tell them that this 18 year old kid made him look like a dumbass? Who knows?
2) Does Microsoft need to fix their insecurities?
This is as much MS's fault as it is anyone elses. I mean, if I bought a car (I hate to bring the whole car analogy thing up again) and someone came along and leaned up on it wrong and it stopped working. I'd be pissed at the manufacturer, not so much the leaner (who is laying on the ground with a bloody nose by now).
Just some thoughts.
T.
Re:A witness turned him in?!? (Score:4, Insightful)
NO NO NO NO! He deserves a punishment fitting the crime. If he wrote one variant, he should NOT be incriminated based on the damage done by ALL the variants. Sure he should get into serious trouble. Sure he should probably do some jail time. But my fear is that people will get carried away because of all the virus/worm activity lately and give him a lot worse than he's due. We'd like to think the justice system is above that, but sadly thats not always the case.
Re:Vote on it! (Score:2, Insightful)
Re:you are clueless or evil. (Score:5, Insightful)
The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
Yeah, some might say YOU should be more careful for not locking the window... but the REAL criminal still is the burglar that took your stuff! M$ has some serious problems, but that doesn't mean we should lose all of our common sense JUST to attack them some more.
Does M$ software have security issues? Yeah. Should script kiddies be let off easy because they take advantage of these problems? No. They are no better than the burglar that entered your unlocked window!
We need to start making people take responsibility for their own ACTIONS and quit blaming others. It's like blaming a door-lock manufacturer because someone can pick the lock! There will always be people that take UNLAWFUL advantage of real or perceived situations. That doesn't mean they are any less to blame for their actions.
Prisoner rape is IRRELEVANT. . . . (Score:3, Insightful)
As far as prisoner rape goes, it's a crime of violence, every feminist tells us so. If J.Random Virus Hacker goes to jail and gets raped, he/she reports the crime. The Authorities then have their job to do. . . if they don't do it, I'm sure they'd enjoy a spell in jail themselves.
On the other hand, nobody ever said prison was supposed to be all Tea and Crumpets, either: it's punishment for crimes committed and convicted. . .
Re:you are clueless or evil. (Score:2, Insightful)
No. There's another word for it: lynching.
Re:you are clueless or evil. (Score:2, Insightful)
What a moronic statement - spoken like a true 14 year old.. If someone is driving a Corvette at 120 mph in downtown NYC and kills a pedestrian, is it Chevy's fault for making a car that goes that fast? Of course not.
Granted MS could do a better job of securing their OS's. But just because you CAN write a virus doesn't mean you SHOULD. There's some personal responsibility that we all need to take.
Re:A witness turned him in?!? (Score:5, Insightful)
Not quite; it just means he doesn't have as good a lawyer as the prosecution.
Re:Prisoner rape is IRRELEVANT. . . . (Score:5, Insightful)
The punishment is incarceration, it is NOT sodomy. I have never heard a judge say in his/her verdict, "and I convict the defendant to 5 years of incarceration, with the occasional guy holding him down and taking him anally". NO. It's against the law. Just because it's prison, it doesn't mean it's alright to break laws. Gee, if that's the case, you could slip small boys into the prison for the whole yard to have a little fun with, jesus.
Re:Generalizations about black men are funny ha ha (Score:1, Insightful)
Re:writing viruses shouldnt be illegal (Score:3, Insightful)
What if I write a virus for my own education. I simply want to know if I can.
What if it accidentally infected my own computer.
It's not illegal to write viruses/worms/trojans and its not illegal to get infected, now what? I suspect one could get arrested for negligence(sp?), but really, what would happen in that situation?
Writing code should never be illegal IMHO. Just like making a hammer or a gun shouldn't be illegal. Using that code/hammer/gun to commit a crime should be illegal. Being clumsy is somewhat illegal already isn't it?
Re:Huh huh, he said penis... (Score:2, Insightful)
yeah, those decompilers are real handy.
Re:A witness turned him in?!? (Score:5, Insightful)
I don't think the parent poster made any comments about WHAT the punishment should be, so please don't start citing rather harsh treatments to make your argument look more interesting. You could have just as easily made the statement, "By your rationale, we should start putting graffiti artists in jail for a month because that would be 'something of a deterrent.'".
Anyway, consider the fact that even though this guy only modified an existing virus, his crimes are EXACTLY the same as those of the original programmer. Writing a virus isn't a crime. Unleashing it and causing damage (economic or physical) to the property of others IS a crime. By modifying the virus, he created a new pattern that virus scanners would not recognize and thus was able to create similar damage as that of the original virus. Please explain to me how this isn't as bad as what the original author did.
My argument, by the way, is similar to ones made against the DMCA. The DMCA is being used to prosecute people who construct devices that CAN by used to circumvent copy protection. However, I think most of us agree that the real culprits are those that use it for such. In the case of viruses, if I construct a new virus, but never let it loose, am I guilty? If you manage to swipe a copy of the virus while you're at a LAN party at my house and then let it loose, aren't you the guilty one? If both of us unleash copies of the virus, aren't we both guilty?
Why Prison? (Score:4, Insightful)
It seems that everyone here is focused on putting this guy in prison. I really can't justify putting someone who wrote a virus in prison while CEOs who have stole billions roam free.
Not to mention, there were two components to this problem. People need to stand up and take some responsibility when thier machines get infected. Personal firewalls and anti-virus have become common place, so I don't take that as an excuse.
Yes, the kid should get some probation, possibly some community service managing / repairing systems for underprivelaged folks. But then that would depend on the legal system being motivated by rehabilitation and not retribution.
Yawn, Yawn, Yawn (Score:3, Insightful)
Repeat the mantra. If its bad for Microsoft, can be blamed on Microsoft, or through sleight of fact be pinned on Microsoft
IT MUST BE GOOD FOR LINUX!
A crime is a crime. Just because they catch only a few looters during a riot doesn't mean they should go easy on them. Sorry, going easy just because he is not the only guilty party is stupid.
I guess that if you only kill one person its fair to get 7 years, but if you kill many you life (or death)... unless they were really bad people???
Logic like yours is what makes this community look bad.
Re:Thank you - If I had mod points, you == +1 (Score:4, Insightful)
I'm with George Carlin on this one (not a direct quote, haven't listened to the album in a while): 'People keep saying that this isn't funny, or that isn't funny, or that you shouldn't joke about things. Like rape. You shouldn't joke about rape - it isn't funny. Well, anything can be funny. Rape can be funny. For example: Picture Porky Pig raping Elmer Fud. Now that's funny! Why do you think they call him Porky?'
People's sense of humor is completely unrelated to what they think SHOULD be funny. I don't find prison rape to be amusing. I know that we have a 60% misconviction rate for capital offenses, nevermind more minor ones. That isn't the reason I don't think it's funny, though. People DO NOT have control over what they think is funny. Lecturing them isn't going to help.
I find Canadian jokes to be amusing. I have a lot of Canadian friends. The only person I work with with a decent sense of humor is Canadian (and I get a lot of the jokes from him, too). And guess what? My father is over 1/2 Canadian.
All this PC crap has gotta stop. You don't think it's funny, fine. Other people do. That isn't even their choice! Don't get mad at them for it.
I love /.'ers (Score:2, Insightful)
Me: By that logic, the CEO of Honda and about a half other dozen car companies should go to jail for failing to make their cars more difficult to steal. And of course the guy who steals the car is just a scapegoat who we should actually be thanking for forcing car companies to install better locks.
Me: I see. And if someone breaks into your house by smashing a window, then the window manufacturer should be put in prison for failing to make the glass bullet-proof. And if the criminal walks off with your new TV then Sony should be sued because the TV didn't come with a chain and padlock. Well, now that we know what your computer thinks about all of this, have you tried applying some common sense to the issue?
Blame everyone except the criminal. How Juvenile. How Slashdotish.
-- LD
Re:Generalizations about black men are funny ha ha (Score:5, Insightful)
Re:Prisoner rape is funny, ha ha (Score:3, Insightful)
Folks I think this is a well disguised troll.
Re:A witness turned him in?!? (Score:1, Insightful)
When you read "witness", think "accomplice."
Someone got caught doing something else, and in order to save his own skin, bargained in exchange for testimony and evidence...
Re:Prisoner rape is IRRELEVANT. . . . (Score:1, Insightful)
Have some mercy, why don't you? I'm sure someone can look at your life and tell you all the things you did "wrong". Probably, with the right soft spot, it is possible to completely shatter a person, any person, in a matter of sentences. So hey. Who are you or anybody else to start talking about what another human being deserves?
A lot of people who commit crimes are confused individuals. They deserve our sympathy and compassion, believe it or not, just like any other human being.
Now, I'm sick of hearing cold, conservative, excuse me for calling it this but American views of "justice" that simply have no heart. "Love thy neighbor." Ever hear of that one?
Re:you are clueless or evil. (Score:1, Insightful)
There's some personal responsibility that we all need to take.
Watch out, ipxoidi, you're going to get yourself in trouble for saying that. Psychobabble says that our 'environment' is responsible for our behavior, not our own hearts. To suggest that virus writers WANT to write them is tantamount to slander, and could set you up for huge lawsuit. (Note: Tongue firmly planted in cheek)
In all seriousness, yes the problem was with Microsoft software, but in reality the patches were available almost full month before the blaster worm was released. As a result, those corporations who had not patched their systems (and blocked the relative ports at the firewalls) should share a LARGE chunk of the blame, but the ultimate blame rests on those who exploited the vulnerabilty, regardless of their motivation. Just because the door is open, doesn't give you the right to come in.
I'm not a coder, so I may be sticking my neck out on a limb here, but how many University programs teach responsible (read: secure) coding? I know many, many tomes have been written on the subject, but is it really TAUGHT at the University level, where the majority of the corporate coders come from? If the mentality were in place, do you think we would have as many vulnerabilities in any software used/sold? I, for one, would like to think that we would not.
An even bigger culprit is the 'point and click' mentality that has developed from overuse of GUI. This is fostered in the workplace by the lack of training given to end users because XYZ Corp only has 4 IT guys to support 10,000 users. Hyperbole, and I know it, but intentional use to point out the simple fact that in most companies, GUI=Easy, hence Dick and Jane don't need to be trained.
I have been a consultant in places where the CEO doesn't use a computer because he doesn't understand them. Instead, his AA prints out relative e-mails, the CEO reads and write responses, which the AA puts back into e-mail. Consequently, the use of computers internally was limited to managers, while the workers used pencil and paper. Can you imagine an entire accounting department using pencil and paper? 30 people? The data was then chunked back into spreadsheets by 5 AA's and those spreadsheets reviewed by a Chief Accountant who put the data into the financial software. CSR's used pencil and paper and actual BOOKS to read the problem response out of. The had a complicated numerical system to refer to problems, the CSR's made checkmarks by the appropriate column, tallied them at the end of the workday, and 4 AA's put this data in a Spreadsheet for the CSR Manager to review.
Sure, their computer costs were reduced--the network only had 25 PC's on it, they were running NetWare 3.22, so it was a very stable network; I only visted them to install Novell updates and fix printers (install toner cartridges mostly) and computers. E-mail was handled via Eudora--they used POP mailboxes hosted at an ISP. Did I also mention this was a Fortune 500 company that spun off of a Fortune 100 Company? Did I also mention that it spiraled downward to bankruptcy, was purchased cheap by some investors who sold the parts for more than they bought it for (like an old Buick)?
My point is this. It is the *perception* that learning computers is hard for the average Dick and Jane that should be fought. Unfortunately, this is a difficult mentality to combat, especially where 'Dick and Jane' are much older and never had computers when they first started working for company X. Granted, using an efficient and effective patch update system on Corporate Networks would be a boon--and to be fair, many companies do this. But, more do not, so we end up with a hodge-podge of patched systems and have problems when a vulnerability is exploited.
Vulnerability exploiters *should* be punished, regardless of whether they are the first, or thirty-first exploiter. I do not believe for a minute in the facts as presented by another poster that 'deterrence' is a distant reason for puni
No sympathy for companies that were hosed... (Score:1, Insightful)
Until next time the circus starts, --Being Monitored
SUS people (Score:3, Insightful)
1. Install SUS on one of your servers. Let it sync its updates, then log in and approve whatever updates you want to go out. Also set it up to automatically grab new updates from Microsoft every night.
2. In Active Directory, create a new group policy applied to the container that has all of your machines in it, or even to the entire enterprise. In this policy, add the Sus client MSI file to the software push (assign it).
3. Download the SUS ADM file, and import it in the group policy editor snapin. You will now see a new item under System Components - Windows Update. Select it, and set your options.... what server to go to, whether to install without user intervention (like every night at 3:00 am), and so on.
There are (free) log analyzers that will scan the log files and stuff the data into a SQL database, then produce a report from it detailing what machines installed what patches, what patches failed, and so on.
There really is no excuse. Once you do this, the ONLY thing you need to do is login to SusAdmin and approve updates from time to time (or use the hack to make it approve updates automatically every time they arrive.) This makes it a painless, easy, and foolproof process to patch all the Win2K/XP machines on your network.
Mod parent down: Racist link to important material (Score:3, Insightful)
A Google search [google.com] turns up the fact that Jared Taylor is considered "America's most dangerous racist." The rest of the American Renaissance site is full of erudite but clearly racist commentary.
Yes, prison rape is appalling, but a better link for reference on the topic is this one [hrw.org] for the original book on the subject, rather than a racist's view of the material.
Re:Huh huh, he said penis... (Score:3, Insightful)
Think about it this way:
If Blaster wasn't written, there wouldn't have been a Blaster epidemic.
If DCOM was secured by MS engineers, there wouldn't have been a Blaster epidemic.
So the virus author and MS are equally guilty. Take one out and there's no problem. Why is it the penniless virus writer instead of a huge corporation? Makes you think.
Re:Huh huh, he said penis... (Score:4, Insightful)
Maybe you should take them to court for creating 'del' - I imagine that's erased far more files than any virus ever has!
The problem, as ever, is *how* you use something, and it was the virus writers who abused the system.
Then again, maybe you could blame the millions of people out there who failed to keep their computers patched and updated, but that's another story...
Re:A witness turned him in?!? (Score:3, Insightful)
However, I don't think they'll have much of a problem finding caners. You may recall that at the time of that incident, the vast majority of Americans thought he was getting exactly what he deserved, and more than a few people thought he should get twice as many strokes as he got.
Please note my deliberate use of the word vandal. People who go around spray-painting other people's property are not artists; they are vandals and criminals. It costs real people real money to clean up their property after someone vandalizes it with graffiti, and quite commonly, as soon as it's cleaned, the vandals come back and do it again. When you put graffiti on your own property, that you bought and paid for, you can call yourself an artist if you want. When you put graffiti on somebody else's property without permission, you're a criminal and should be treated as such.
Please don't drag out Kevin Mitnick here. Kevin Mitnick broke the law, was caught, convicted, and sentenced fairly. He's a criminal. He's done his time and deserves a fresh start so he can make something honest of himself, but there is nothing good about the actions that led him to prison, and those who would defend him and call him a victim need to get a grip on reality.
Stop Crying!! (Score:2, Insightful)
if you don't understand how the author isn't liable, it works like this.
The internet is Free ground, no laws, no government, anything goes. The virus author infects a computer, then the computer sends it out to the internet. Right there is where the liablity ends for the author. Because now it's up to an other computer to accept whats coming. Unless the author physically puts the virus in the computer through none 'internet' means then they can't be liable. It was the computer's choice to accpect what was coming from the internet, and so it's liable, but since a computer can't be liable and you are liable for your own computer then you are liable for getting infected, and infecting other computers that are connected through any law governed medium, anything except the internet. Again, your now infected computer sends the infection out through the internet, there now your liablity ends, you aren't liable for those infections. And it keeps going on. So it boils down to that everyone that got infected is equally liable as the author or more, because once that virus goes through the internet all liablity for it is dropped because no laws can apply to it. Think about it. It's comparible to open waters, or something that happens out in space or on another planet.
Re:Huh huh, he said penis... (Score:2, Insightful)
Also, while I sympathize with the sentiment, I feel the logic you use is flawed. For example, a pedistrian gets hit by a drunk driver. If the pedistrian wasn't there he wouldn't have been hit, but it's still the drunk driver's fault.
Re:No sympathy for companies that were hosed... (Score:2, Insightful)
Similar crimes (Score:3, Insightful)
Let's then view the person they caught as someone who stumbled across the tunnels after the original bank robber got away, and used the tunnels to get into the vault and grab a few pieces the original bank robber left behind.
At this point, we can easily drum up sympathy for the second bank robber because his was a crime of opportunity -- he would never have gotten into the vault/released the virus if someone else hadn't already broken into the vault/written the virus first. We can also easily feel that his prosecution is unjust, as the "real" bank robber (who did far more harm) got away. So all of you who might feel that way, your feelings are reasonable and understandable. I had them at first, too.
They're also misguided, because his actions DID cause harm, and he did make a conscious decision to take the opportunity that presented itself. Your feelings would be better spent on someone who did no actual harm, and was instead being framed for a crime they did not commit.
Now, if the prosecutors in this case try and convict this person for writing the ORIGINAL virus, THEN it might be reasonable to have those feelings again. It would be akin to the second bank robber being blamed not for picking up scraps, but for the tunnels and major robbery that he didn't commit. In a way, he's being framed for a LARGER crime than he committed.
Then again, how do we know he didn't commit the larger crime? He could always just be claiming to be someone who found the tunnels afterward/renamed someone else's virus and sent it out. We can't be sure, and until someone else comes along as a suspect, most people would probably assume he was responsible for the whole thing.
Whew. Long post.
The lesson is this: don't be foolish enough to commit a crime of opportunity, lest you be charged with an enormity of crimes perpetrated by others who had the same opportunity -- or made the opportunity in the first place.