Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Support the Sasser-author fund started

From: "Micah McNelly" <micah () style net>
Date: Thu, 13 May 2004 11:32:17 -0700
I wonder if people forget the liability that any organization inherits if
they do NOT maintain a above standard protection scheme for their
network/hosts.  Misconfiguration of network hosts/machines after being
NOTIFIED of a OS flaw or other should deem that organization responsible.
Smurf was a great example.  Following the postings of actual usable
broadcast hosts, most organizations did NOT fix the problem.  The vendors
were left to deal with the issue.   Maybe companies should start hiring
clueful people that care about not only their internal infrastructure but
the last mile facing their own customers.  IE.  All last mile providers.
You can't expect end users to maintain their own machines.  They want
solitaire.

Rant,

/m

----- Original Message -----
From: "Aaron Gee-Clough" <lists () g-clef net>
To: "Full Disclosure List" <full-disclosure () lists netsys com>
Sent: Thursday, May 13, 2004 9:17 AM
Subject: Re: [Full-disclosure] Support the Sasser-author fund started



Duquette, John wrote:

Why not punish all the admins/users who failed to patch their systems in
time as well.


Because they didn't break the law.  It's really that simple.  If you're
saying that you think there should be a law to force people to patch
their systems in a timely manner, that's a different issue.  (and one
that will lead to all sorts of unintended problems...think about it for
a while.)

Aaron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: