sasser author gets off easy-style...

the d00d who authored the sasser worm got probation because he was only seventeen when he wrote it (though he apparently released it on his eighteenth birthday).

now, call me crazy, but shouldn't it be based more on his intent than his age? proofs of concept and experiments that get out of hand are one thing, but deliberately trying to take down as many boxes and cause as much havoc as possible are quite another.

don't get me wrong, here, either. from what i've read about the case, the sentence seems pretty fair to me. and believe me, we need more level-headed, educated people when it comes to handling 'computer crime', if that's what you wanna call it. i mean, half the people making laws and deciding cases don't truly understand the technologies and situations they're making decisions on. education is what we need.

there's something else about this case that doesn't quite sit right with me--microsoft.

whoever narced jaschan out apparently did so because of a $250,000 reward from the redmond beast. now, that's all well and good, but they're obscuring the point.

and that is, a patch existed for the exploit sasser used. in fact, according to them, the patch was out first. all people hadda do was install it.

this is nothing new. systems will _always_ have flaws and someone will _ALWAYS_ find these flaws. that's just the way it is (until someone comes up with a perfect computer program and a perfect computer to run it on...).

hiding these exploits, keeping them quiet, pretending they don't exist does not solve anything. in fact, it's quite the opposite. that knowledge has to be made available. solutions have to be synthesized and implemented quickly.

so-called 'underground' or 'hacker' media ('zines, mailing lists, irc channels, internet radio) do a lot when it comes to getting the word out, and educating people. some sources have good intentions, some have less-than-benevolent motivations, but the point is, they're getting the knowledge out in the hands of the people. and that's what's important.

just because some 'sploit might be unknown to the general public doesn't make anybody any more secure. _somebody_ still knows about it, and in the mean time, that knowledge can be used to attack systems (or create worms, scripts, and virii which, in turn, attack even more systems on an exponential scale).

now, once that happens, somebody's gonna figure out what's going on and how to stop it, but by then the damage is done.

by getting the word out as soon as possible, more minds can get involved, a solution can be formulated more quicly, and public awareness is raised (offering an extra layer of protection in the form of 'common sense' often missing from security portfolios these days).

anyhow, i digress.

if he was less-than-malicious, at least his life's not wrecked (and if he was just doing it to be a dick, then i guess he just got off easy..), as they tried him as a minor.

but, i still feel uneasy about it. what's the difference between 17 and 18, really? i know plenty of minors who have their shit together better than some of the forty year olds i know.

i just don't know about the whole 'tried as a minor' thing. i mean, what kind of message does that send to kids? society on the whole doesn't treat the underage portion of the population with enough respect and understanding.

kids are people, just like everybody else. maybe they haven't learned as much, or conformed to as many of the social norms and rules as an 'adult', but whatever. kids are effing smart.

i'm gonna shut up now.

--cid

0wn yourself