Firewall Wizards mailing list archives
Re: Response to door knocking
From: JohnLNick () aol com
Date: Sun, 7 Feb 1999 21:24:05 EST
As far as US law is concerned, most criminal statutes require you to intend for the criminal action to happen (called mens rea). There are a very few crimes where intent is not required (statutory rape, for example), but I sincerely doubt that leaving a hole on your server which allows someone to launch an attack on another machine could be grounds for criminal prosecution. As far a civil liability is concerned, I see a possibility there under an action for negligence. If you knew about the hole and your decision not to patch it was not "reasonable" (as defined by a court), then your company could, theoretically, be held liable by the attacked company, since they could argue that your negligence in not patching the hole allowed them to be attacked. However, I wouldn't really want to be the lawyer to try to assert that negligence claim, and defending against it would be a lot more fun. But, I do have to say that this analysis is only based on generalities and there might be some state-specific laws that I don't know about that could change this. In general, as long as you have a security policy with policies that make business sense and are not totally out of line with the industry and you follow it fairly consistently, you shouldn't be in trouble. John Nicholson
Current thread:
- Re: Response to door knocking, (continued)
- Re: Response to door knocking Amos Hayes (Feb 03)
- Re: Response to door knocking Chris Cappuccio (Feb 04)
- Re: Response to door knocking Paul D. Robertson (Feb 04)
- Re: Response to door knocking Amos Hayes (Feb 03)
- Re: Response to door knocking Damir Rajnovic (Feb 02)
- Re: Response to door knocking Robert Graham (Feb 03)
- Re: Response to door knocking Damir Rajnovic (Feb 04)
- Re: Response to door knocking Paul D. Robertson (Feb 04)
- RE: Response to door knocking Webb, Andy (Feb 04)
- Re: Response to door knocking John McDermott (Feb 06)
- Re: Response to door knocking Joseph S D Yao (Feb 08)
- Re: Response to door knocking JohnLNick (Feb 08)