Re: Recent Attacks

["Philip J. Koenig" <pjklist () ekahuna com>]

On 16 Feb 00, at 10:40, David LeBlanc boldly uttered: 
> At 10:59 PM 2/15/00 -0800, Philip J. Koenig wrote:
>
> > You mean Mitnick?  As far as I can see, the figures that were thrown 
> > around supposedly putting a price tag on the 'damage' he did were
> > pure unfounded fantasy.
>
> That's what happens when you damage someone.  All of a sudden, the worn out
> car you'd sell for $1000 becomes a well-maintained collector's item worth
> at least $5000.


Trumping up your damages to make your loss appear bigger and
the punishment higher is unethical.  Judges routinely throw
such drivel out of court. (except in hacking cases, it appears)


> I agree with Marcus - once the vandals are caught, they ought to sue them
> back into the stone age.


It would be hard to argue with any credibility that Mitnick did
much damage to his "victims".  On the other hand, the damage and
loss of business suffered by the major dot.com sites as a result
of the recent DoS attacks is tangible and easily quantifiable.
(if you assume those who wanted to buy something during the 
attack will never return and try again)

There is of course the question of how much blame a site should
take themselves by not being well-enough secured.  The recent
type of DoS attacks are hard to defend against. (or at least 
hard to track down the perpetrator) 

On the other hand, if you have buggy old sendmail or imap or 
ftp daemons on your system and they're open to the world, I have 
a hard time feeling sympathetic when you try to throw all the 
12-year-olds in jail that are capable of exploiting you.