[55168] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (Daniel Senie)
Sat Jan 25 15:36:11 2003
Date: Sat, 25 Jan 2003 13:06:12 -0500
To: nanog@merit.edu
From: Daniel Senie <dts@senie.com>
In-Reply-To: <Pine.GSO.4.44.0301250851320.25372-100000@paixhost.pch.net>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:56 AM 1/25/2003, Bill Woodcock wrote:
> > > Dunno, arent they negligent?
> > > In any other industry a fundemental flaw would be met with
> lawsuits, in the
> > > computer world tho people seem to get around for some reason.
> >
> > Not true, look at cars and recalls. Also as I understand it MS
> > issued a fix for this sometime ago - it the users who didn't
> implement it!
>
>Uh, lemme see if I get your argument. People who buy exploding cars from
>Vendor M are at fault when the cars explode, since cars from Vendor M
>always explode, and Vendor M always disclaims responsibility, since
>someone usually points out in advance that the cars will explode?
To further torture analogies: So what type of vehicles ARE safe for the
road, and for which roads? Taking a lawn tractor out on the Interstate
surely is the fault of the driver, and not the manufacturer. At what point
do folks figure out that putting production servers out on the Internet
with no protection whatsoever is an invitation to abuse? Firewalls may not
be perfect. Server software may not be perfect. Layering security can sure
help.
It appears this worm only sought to annoy. Perhaps the next one that goes
after the mass of unpatched MS SQL servers will instead take the
opportunity to raid these servers for personal information? The
opportunities for mass-scale identity theft are rather staggering.
