[71184] in North American Network Operators' Group
RE: Even you can be hacked
daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Thu Jun 10 14:53:32 2004
Date: Thu, 10 Jun 2004 14:47:32 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>,
<nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Laurence F. Sheldon, Jr. wrote:
>Even if the water company is sending me 85% TriChlorEthane?
>Right. Got it. The victim is always responsible.
>There you have it folks.
Ok.
Being resposible as network manager, if I think something is strange and =
I nor my staff
can fix it. I call for help. Either Vendor support, a good consultant, =
or community help.
In many cases the Victim always has some portion of responsibilty.
If I leave a Windows 2000 server SP 0 no security fixes on my network, =
get it hacked and have
a lawsuit cause XYZ company caught a hacker attack from it.... who is =
the Victim? who is responsible?
This may be exactly what that guy did....
I think Sean sent out the California law reference last year that said =
the VICTIM of a security
breach must report it to their customers...=20
I think we have alot of operational issues that we must look at here..
What do we do?
Many AUP's I have seen would have shut down that customer, if someone =
complained.....
Does this mean if we go to a for profit bandwidth charge system that we =
let people destroy others with the worms
they have for money we would get chargeing for the worm attack?
Jim
