nanog mailing list archives

Re: Compromised machines liable for damage?


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Thu, 29 Dec 2005 02:33:09 -0500


On Wed, Dec 28, 2005 at 11:17:11PM -0500, Barry Shein wrote:

> To beat a dead horse just a little harder the problem I have is when a
> certain company kept distributing software with security flaws
> specifically because they're profiting from those flaws.
>
> For example, graphics libraries which accept binary code chunks to be
> executed in kernel mode without limits for support of quick screen
> updates in games considered of marketing importance. Blaming it on the
> games vendors seems inadequate, particularly over several years and
> releases of each.
>
> That's just pure economics and, hence, profiting on others' serious
> pain.

And yet, I'd bet $10 that:

* They know this.
* They are just implementing what their customers demand.
* They accept that allowing direct access in order to obtain performance
  at the expense of security is a necessary model in a wide variety of
  situations, particularly gaming.
* They don't give a flying crap what a bunch of perceived whining kooks on 
  NANOG think about that tradeoff. God knows, I wouldn't. :)

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

