nanog mailing list archives
Re: Nato warns of strike against cyber attackers
From: Owen DeLong <owen () delong com>
Date: Wed, 9 Jun 2010 04:21:07 -0700
On Jun 8, 2010, at 10:37 PM, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Jun 8, 2010 at 10:22 PM, Owen DeLong <owen () delong com> wrote:
>
>>> Please, be for real -- the criminals go after the entrenched majority. If it were any other OS, the story would be the same.
>>
>> If this were true, the criminals would be all over Apache and yet it is IIS that gets compromised most often.
>
> Actually, that is another fallacy. The majority of SQL Injections are on Apache-based systems.

SQL injection is an SQL attack, not a compromise of the HTTP daemon itself (usually partially a compromise of PHP or similar scripting language). The majority of compromises (buffer overflows, etc.) against the web server itself are IIS.

> Look, this isn't a blame-game in which we need to point out one vendor, operating system, plug-in, browser, or whatever.

Agreed... All vulnerable vendors should be treated the same. If you are selling software without source code and making money as "professional developers" by selling that software, then, it should come with liability for the damages caused by your failure to secure the software properly. If you're providing source code and allowing others to use it and you are not getting paid for developing it, then, obviously, it is ridiculous to hold you liable since the person who chose to use your source code has the ability to fix it to resolve any security issues.

> The problem is that it is a wide-spread problem wherein we have millions of compromised consumer (and non-consumer) hosts doing the bidding of Bad Guys.

Yep.

> I would certainly love to hear your solution to this problem.

Hold the owners of compromised systems financially liable for the damage they do. Make it possible for said owners to subrogate such claims against any suppliers of commercial closed insecure software which contributed to the compromise of their systems.

> And stop pointing fingers.

No finger pointing there, just actual liability targeted at those actually responsible.

Owen