Full Disclosure mailing list archives
RE: Need contact in the BTOPENWORLD.COM security department
From: "Maynard, David C" <david.c.maynard () xo com>
Date: Thu, 28 Aug 2003 14:22:05 -0400
Richard is having the same problem I am having with Comcast I have sent numerous emails to abuse () comcast net and even spoken to Security at Comcast on phone to remove a client on there network for over a week and they still have not done so. What would there liability be for not responding to the problem in a quicker an immediate manner? David -----Original Message----- From: Montana Tenor [mailto:montanatenor () yahoo com] Sent: Thursday, August 28, 2003 12:36 PM To: Richard M. Smith Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Need contact in the BTOPENWORLD.COM security department Hi Richard, This brings to light an issue I have been wondering about for a while. I have no specific insight into this, however, I feel that perhaps this may be an interesting topic to some. If my machine gets comprimised because I fail to properly patch it, and then it becomes infected and then launches some attack, why am I not held liable. Perhaps you might think intent. I had no intent to harm anyone else. What about negligence? Was I not negligent in refusing to update my machine. I have heard many discussions on this list and others about how MS should be held accountable for writing bad code(I agree), how the A.V. vendors should be held accountable for programs tha run away and send millions of emails(I agree)...nobody is ever talking about the individual user taking responsibility for not following what some would consider common sense rules. Consider the following: If I see on the news that a recall is in effect for the brakes on my car and I refuse to bring the car in and get it serviced. Then I'm driving along and all of a sudden I cannot stop. I crash into several vehicles, maybe some people..who knows. When I get out of the hospital, can I not be sued for negligence. I was aware of the recall, I was notified and informed as to the danger involved but I slacked off and didnt fix the brakes. While the brake manufacturer should be held accountable for making such a crappy product that could wind up killing people, shouldnt I also be held accountable for my inaction. Ok, as relates to real world situations, if my machine is infected and its during the 0day to 1week time frame that a patch has not yet been made to counteract this specific vuln/hole and my machine runs wild then am I negligent, probably not. If its one month after a patch is released and still I dont patch and as a result of this my machine infects 10,000 other machines, am I not at some fault. The easy way out is to just swear at the guys at MS for creating bad code. What about people taking the responsiblity? So we get to this post below. Richard is attempting nicely to get this box offline so as to stop what could be a loss of millions of dollars from its actions. If you were to calculate the damage that just one machine can do by compounding it over all the machines it infects and the ones they infect and so on...its amazing to consider. I suppose you all may tear into this post for being off topic, I just would simply like to know what has happened to people taking responsibility for things. Maybe some way of making negligent people accountable for their inaction would help curve this sorry state of affairs we are in. How it this accomplished, gosh I have no clue...maybe you do? Cheers, Matt --- "Richard M. Smith" <rms () computerbytesman com> wrote:
Hello, Does anyone have an email address for a live human being who works in the BTOPENWORLD.COM security department? I've been trying for days now to get the company to disconnect a customer from the Internet who is infected with Sobig.F. In the last 12 hours the situation has gotten out of hand with the customer's computer sending me and others Sobig every 30 seconds for hours on end. The IP address of the infected computer is: Received: from host217-34-21-140.in-addr.btopenworld.com (HELO PC7) (217.34.21.140) Thanks, Richard M. Smith http://www.ComputerBytesMan.com
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Need contact in the BTOPENWORLD.COM security department Richard M. Smith (Aug 28)
- Re: Need contact in the BTOPENWORLD.COM security department Andreas Krennmair (Aug 28)
- Re: Need contact in the BTOPENWORLD.COM security department B.K. DeLong (Aug 28)
- Re: Need contact in the BTOPENWORLD.COM security department Montana Tenor (Aug 28)
- Sophos Anti-Virus alert: W32/Blaster-E B$H (Aug 28)
- <Possible follow-ups>
- RE: Need contact in the BTOPENWORLD.COM security department Maynard, David C (Aug 28)
- RE: Need contact in the BTOPENWORLD.COM security department Richard M. Smith (Aug 28)
- Re: Need contact in the BTOPENWORLD.COM security department Stephen Clowater (Aug 29)
- Re: Need contact in the BTOPENWORLD.COM security department Andreas Krennmair (Aug 28)