Yeah I know the logic behind it and that the hard-cored hackers already know about the vulnerbilities, etc. The fact remains that the customers (like my employer) are at risk and will be at greater risk now that it is guaranteed that every hackers and lackeys know about the vulnerbility. What is this about Alex K releasing a version 2.0 of his rootkit where
"The new version will allow attackers to disguise malicious elements without modifying the database views, Kornbrust said. Also, evidence of the hack will disappear whenever the database is restarted, Kornbrust said."
Okay, what is the purpose of the rootkit, then? This is akin to saying that you are designing a tool (not for the sole purpose of destroying or killing someone) but never did put in the necessary safeguards to ensure that the tool cannot be misused by accident (at least guns have safety locks that has to be dis-engaged before they can be fired). Can my employer sue Red Database Security if the rootkit was utilized by a hacker to cover their tracks after setting up backdoors and data logger?
Edited: Feb 2/06
As RN pointed out in his comment, that I had misunderstood the nature of rootkit. My apologies and my thanks to RN. I've edited the entry to clarify what I really meant to say. My original statement was "Can my employer sue Red Database Security if the rootkit was utilized by someone to hack into their databases?" which was totally incorrect as the nature of a rootkit