[71205] in North American Network Operators' Group
Re: Even you can be hacked
daemon@ATHENA.MIT.EDU (Crist Clark)
Thu Jun 10 17:54:43 2004
Date: Thu, 10 Jun 2004 14:54:07 -0700
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <20040610165154.F22420@thunder.xecu.net>
To: Andy Dills <andy@xecu.net>
Cc: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>,
nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Andy Dills wrote:
> On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:
>
>
>>Jeff Shultz wrote:
>>
>>
>>
>>>But ultimately, _you_ are responsible for your own systems.
>>
>>Even if the water company is sending me 85% TriChlorEthane?
>>
>>Right. Got it. The victim is always responsible.
>>
>>There you have it folks.
>
>
> Change the word "victim" to "negligent party" and you're correct.
It would be great if there always was a negligent party, but there is
not always one. If Widgets Inc.'s otherwise ultra-secure web server gets
0wn3d by a 0-day, there is no negligence[0]. Who eats it, Widgets Inc.
or the ISP?
So how about this analogy: Someone breaks into my house and spends a few
hours on the phone to Hong Kong. Who eats the bill, me or my LD carrier?
Neither of us was negligent.
[0] Unless someone can prove the software flaw was sloppy enough that it
constitutes negligence and goes after the software authors. Good luck with
that.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
