RE: [ISN] Microsoft's hacker bounty is wasted money

From: InfoSec News (isn@private)
Date: Fri Nov 14 2003 - 06:44:09 PST

  • Next message: InfoSec News: "[ISN] Al-Jazeera hacker sentenced"

    Forwarded from: Peter Dyer <TheDyerCo@private>
    
    Acknowledging Mr Vamosi's constitutional right to free speech, I can
    but wonder about his views and the agenda he is trying to advocate at
    a time when criminals are vandalizing millions of computer systems
    every day for nothing more than the sport of it.  The superstar status
    granted by the hacker community to one of their own based upon the
    scale of the impact a particular criminal effort has on the world
    population does nothing more than encourage bigger and more outlandish
    attacks.  
    
    Having someone from the professional security community and a
    publisher who supposedly advocates Information Security take the focus
    of our efforts off the criminal and then to blame the software
    provider for the millions of dollars in lost productivity and clean-up
    costs is absurd!
    
    Young hackers criminals seeking superstar status will inevitably find
    a way to circumvent computer systems protected by the most elaborate
    security programs through little more than taking advantage of the
    weakness of one inside individual and a little creative human
    engineering effort.  The millions of home users impacted in the
    process cannot possible defend themselves from the dedicated actions
    of one criminal hacker and neither can Microsoft.
    
    Placing a bounty on the heads of these computer criminals will
    encourage people with information necessary for the successful
    prosecution of these criminals to come forward.  When computer
    criminals (and their parents if they are juveniles) are held
    accountable for their action and liable for the costs incurred as a
    result of their actions and when prison becomes the residence of those
    convicted for the next 10 years, the desire for superstar status will
    be tempered with the very real possibility of arrest and confinement.
    
    Microsoft has taken an aggressive approach to resolving the problem
    faced by the individual home computer user and I, as one of those
    millions, appreciate their efforts.  Mr Vamosi is advocating the
    building of a better cheese container to keep out a mouse whose
    favorite sport is breaking into the container using the plans he got
    off the internet.  We don't need a better container. we need a very
    hungry cat.
    
    Peter A. Dyer    
    Director of Operations
    The Dyer Company
    TheDyerCo@private
    
    
    
    -----Original Message-----
    From: InfoSec News [mailto:isn@private]
    Sent: Tuesday, November 11, 2003 7:46 AM
    To: isn@private
    Subject: [ISN] Microsoft's hacker bounty is wasted money 
    
    
    http://asia.cnet.com/newstech/perspectives/0,39001148,39157414,00.htm
    
    By Robert Vamosi, Special to CNETAsia
    Tuesday, November 11 2003 8:24 AM 
     
    commentary: Last Wednesday, Microsoft, the FBI, the U.S. Secret
    Service, and Interpol, an international law enforcement organization,
    announced a US$5 million reward system for information leading to the
    arrest of individuals who write computer viruses.
    
    In particular, Microsoft is offering a quarter of a million dollars to
    apprehend the authors of last August's MSBlast and Sobig.f worms.
    
    What a brilliant PR move--something to distract the media from the
    latest Windows-based virus, MiMail.c, that's currently loose on the
    Internet. Instead of using that same US$5 million to secure the
    Windows code you and I use every day, and admitting that it's partly
    responsible for the problem, Microsoft has decided to point the finger
    elsewhere.
    
    Deja vu
    
    This situation reminds me of the current U.S. anti-drug strategy, in
    which the government spends billions of dollars on drug interdiction
    and user arrests. While it's important to reduce the flow of illegal
    substances on our streets (and I'm not suggesting we legalize all
    drugs), such arrests alone are not enough. We also need programs that
    address the addictive behavior that creates demand for drugs. By not
    focusing on the underlying causes of drug use, we are consequently
    losing the war on drugs.
    
    [...]
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Nov 14 2003 - 09:37:40 PST