funsec mailing list archives

Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: Valdis.Kletnieks () vt edu
Date: Wed, 27 Jun 2007 23:41:18 -0400

On Wed, 27 Jun 2007 22:01:33 CDT, Dennis Henderson said:
> Can anyone explain how getting pwned by a keylogger or a trojan is not their
> fault? Do we have to argue what "fault" is? I hope not, because that could
> take days... :)

Hmm.. there was a bunch of Italian websites serving up exploits pretty
recently.  Whose fault is it if you visit some presumably trustable and
legitimate website that you've been visiting for *years*, and that morning
they got hacked and sent your copy of IE an exploit for a yet-unpatched
vulnerability?

Or even better - a 3rd party site that does banner ads and the like is the
one that got hacked.

So you visit www.snopes.com, and you find out the hard way that www.burstnet.com
was pwned.

Care to explain to me how *THAT* is the fault of any Joe Sixpack?  Remember
that if you say it's their fault, you *also* need to provide *workable*
advice on how they were supposed to prevent it.  Good luck explaining
noscript.net to Joe Sixpack, let me know how that works out for you...

> Does anyone have the balls to admit that they have been pwned thru no fault
> of their own? I would love to hear that story.

There's this security person by the name of Raven Adler.  I suggest you ask her
whose fault it was she got nailed by a MacOSX 0-day in front of everybody, and
how things turned out when she went to talk to Apple about it...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.