Re: Botnets, IRC servers and firewalls?

["Marcus J. Ranum" <mjr () ranum com>]

Gadi Evron wrote:
> A user that runs an un-protected machine, or anyone for that matter, can be used to DDoS, spam, bounce hackers, commit 
> frauds, etc.
>
> Who should be held liable for actions committed from that machine? Is this "the Trojan horse defense" again?

What I think is confusing this issue is that most people aren't comfortable
with the concept that there's plenty of blame to go around. We want it to
all land on one party. But that might not be the case. Legal philosophers
would talk about this in terms of liability, moral philosophers in terms of
responsibility. The end result is pretty much the same. No, you cannot give
the user 100% of the blame if a hacker uses their unsecured machine to
attack someone else. After all, if the hacker hadn't abused the machine,
nothing bad would have happened. Indeed, blaming the victim is not a
particularly acceptable answer, from a moral standpoint - and in the
example above the user is also a victim. So you may have several parties
who bear some responsibility, and you may have several parties who
suffer varying degrees of damage. Legal systems are pretty used to
dealing with these things - they just take time to catch up.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards