[87577] in North American Network Operators' Group
RE: Compromised machines liable for damage?
daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Mon Dec 26 22:07:53 2005
Date: Mon, 26 Dec 2005 22:07:20 -0500
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "Joseph Jackson" <jjackson@aninetworks.com>
Cc: "NANOG" <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
This is a multi-part message in MIME format.
------_=_NextPart_001_01C60A92.A6EF9E3F
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
If you want to choke off freeware(gnu, et. Al), sure, go after them. I =
doubt the licensing agreement allows it though. (IANAL).
I think all you'd do is encourage people to write more music about =
'freeing the software'. I'd rather not be stricken in that fashion.
I think that angle is DOA.
Martin
-----Original Message-----
From: Joseph Jackson [mailto:jjackson@aninetworks.com]
Sent: Mon Dec 26 03:13:02 2005
To: Hannigan, Martin
Cc: NANOG
Subject: RE: Compromised machines liable for damage?=20
What about the coders that write the buggy software in the first place?
Don't they hold some of the responsibility also? IE I am running some
webserver software that a bug is found in it. Attackers use that bug in =
the
software to generate a DOS attack against you from my machines. No =
update
has been released for the software I am running and/or no warning as =
been
released. You sue me I sue the coders. What a wonderful world. (I'm =
not
for this but its another side of the issue.)
=20
_____ =20
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Hannigan, Martin
Sent: Sunday, December 25, 2005 9:22 PM
To: Steven M. Bellovin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?=20
=20
=20
Yes, I agree. As usual, I too am 'IANAL'.
Marty
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@cs.columbia.edu
<mailto:smb@cs.columbia.edu> ]
Sent: Sun Dec 25 23:52:27 2005
To: Hannigan, Martin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?
In message
<80632326218FE74899BDD48BB836421A033001@Dul1wnexmb04.vcorp.ad.vrsn.c
om>, "Hannigan, Martin" writes:
>
>Dave, RIAA wins almost 100pct vs p2p'ers ir sues. Its an interesting =
=3D
>dichotomy.
>
"Wins" is too strong a word, since I don't think any have gone to
court -- see
http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html
<http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html>=20
as my source.
Besides, it's a very different situation. For my take on liability
issues -- note that I'm not a lawyer, and note that this is from 1994
-- see http://www.wilyhacker.com/1e/chap12.pdf
<http://www.wilyhacker.com/1e/chap12.pdf>=20
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
<http://www.cs.columbia.edu/~smb>=20
------_=_NextPart_001_01C60A92.A6EF9E3F
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>RE: Compromised machines liable for damage? </TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=3D2>If you want to choke off freeware(gnu, et. Al), sure, =
go after them. I doubt the licensing agreement allows it though. =
(IANAL).<BR>
<BR>
I think all you'd do is encourage people to write more music about =
'freeing the software'. I'd rather not be stricken in that fashion.<BR>
<BR>
I think that angle is DOA.<BR>
<BR>
Martin<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: Joseph Jackson [<A =
HREF=3D"mailto:jjackson@aninetworks.com">mailto:jjackson@aninetworks.com<=
/A>]<BR>
Sent: Mon Dec 26 03:13:02 2005<BR>
To: Hannigan, Martin<BR>
Cc: NANOG<BR>
Subject: RE: Compromised =
machines liable for damage?<BR>
<BR>
What about the coders that write the buggy software in the first =
place?<BR>
Don't they hold some of the responsibility also? IE I am running =
some<BR>
webserver software that a bug is found in it. Attackers use that =
bug in the<BR>
software to generate a DOS attack against you from my machines. No =
update<BR>
has been released for the software I am running and/or no warning as =
been<BR>
released. You sue me I sue the coders. What a wonderful =
world. (I'm not<BR>
for this but its another side of the issue.)<BR>
<BR>
<BR>
<BR>
_____ <BR>
<BR>
From: owner-nanog@merit.edu [<A =
HREF=3D"mailto:owner-nanog@merit.edu">mailto:owner-nanog@merit.edu</A>] =
On Behalf Of<BR>
Hannigan, Martin<BR>
Sent: Sunday, December 25, 2005 9:22 PM<BR>
To: Steven M. Bellovin<BR>
Cc: Dave Pooser; NANOG<BR>
Subject: Re: Compromised machines liable for damage?<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
Yes, I agree. As usual, I too am 'IANAL'.<BR>
<BR>
Marty<BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: Steven M. Bellovin [<A =
HREF=3D"mailto:smb@cs.columbia.edu">mailto:smb@cs.columbia.edu</A><BR>
<<A =
HREF=3D"mailto:smb@cs.columbia.edu">mailto:smb@cs.columbia.edu</A>> =
]<BR>
Sent: Sun Dec 25 23:52:27 2005<BR>
To: Hannigan, Martin<BR>
Cc: Dave Pooser; NANOG<BR>
Subject: Re: Compromised =
machines liable for damage?<BR>
<BR>
In message<BR>
<80632326218FE74899BDD48BB836421A033001@Dul1wnexmb04.vcorp.ad.vrsn.c<B=
R>
om>, "Hannigan, Martin" writes:<BR>
<BR>
><BR>
>Dave, RIAA wins almost 100pct vs p2p'ers ir sues. Its an interesting =
=3D<BR>
>dichotomy.<BR>
><BR>
<BR>
"Wins" is too strong a word, since I don't think any have gone =
to<BR>
court -- see<BR>
<A =
HREF=3D"http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html"=
>http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html</A><BR>=
<<A =
HREF=3D"http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html"=
>http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html</A>>=
<BR>
as my source.<BR>
<BR>
Besides, it's a very different situation. For my take on =
liability<BR>
issues -- note that I'm not a lawyer, and note that this is from =
1994<BR>
-- see <A =
HREF=3D"http://www.wilyhacker.com/1e/chap12.pdf">http://www.wilyhacker.co=
m/1e/chap12.pdf</A><BR>
<<A =
HREF=3D"http://www.wilyhacker.com/1e/chap12.pdf">http://www.wilyhacker.co=
m/1e/chap12.pdf</A>><BR>
<BR>
&=
nbsp; --Steven M. Bellovin, <A =
HREF=3D"http://www.cs.columbia.edu/~smb">http://www.cs.columbia.edu/~smb<=
/A><BR>
<<A =
HREF=3D"http://www.cs.columbia.edu/~smb">http://www.cs.columbia.edu/~smb<=
/A>><BR>
<BR>
<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C60A92.A6EF9E3F--
