nanog mailing list archives
Re: Even you can be hacked
From: Owen DeLong <owen () delong com>
Date: Thu, 10 Jun 2004 15:06:54 -0700
It would be great if there always was a negligent party, but there is not always one. If Widgets Inc.'s otherwise ultra-secure web server gets 0wn3d by a 0-day, there is no negligence[0]. Who eats it, Widgets Inc. or the ISP?
1. In Sean's example, clearly the customer was a negligent party. 2. If Widgets Inc. doesn't promptly disconnect their system from the network upon notification of the problem, and/or fails to fix the system before reconnecting it to the network, then they have become a negligent party. 3. Although there's no real obligation for ISPs to do so, most that I know will eat it on the customer's behalf until some reasonable amount of time after they told the customer. That is exactly what happened in the case Sean brought up, except, the ISP ate it for far longer than reasonable.
So how about this analogy: Someone breaks into my house and spends a few hours on the phone to Hong Kong. Who eats the bill, me or my LD carrier? Neither of us was negligent.
Well... When I had a similar situation, the phone company tried very hard to tell me it was my problem. Finally, I found out what had happened, and provided them with photographs of a person tapping into lines from the junction on my pole and making phone calls. They did give me credit at that point, but, it took a lot of convincing and I got lucky with a camera.
[0] Unless someone can prove the software flaw was sloppy enough that it constitutes negligence and goes after the software authors. Good luck with that.
Actually, I'd say that anyone who hasn't signed Micr0$0ft's EULA and is a victim of the crap their software ends up spewing has a pretty good case against them for negligence at this point, but, IANAL. Owen -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
Attachment:
_bin
Description:
Current thread:
- Re: Even you can be hacked, (continued)
- Message not available
- Re: Even you can be hacked Patrick W . Gilmore (Jun 10)
- RE: Even you can be hacked David Schwartz (Jun 10)
- Re: Even you can be hacked Adrian Chadd (Jun 10)
- RE: Even you can be hacked Owen DeLong (Jun 11)
- Re: Even you can be hacked Sean Donelan (Jun 10)
- Re: Even you can be hacked bmanning (Jun 10)
- Re: Even you can be hacked Jeff Shultz (Jun 10)
- Re: Even you can be hacked Robert Blayzor (Jun 10)
- Re: Even you can be hacked Andy Dills (Jun 10)
- Re: Even you can be hacked Crist Clark (Jun 10)
- Re: Even you can be hacked Owen DeLong (Jun 10)
- Re: Even you can be hacked Andy Dills (Jun 10)
- Re: Even you can be hacked Laurence F. Sheldon, Jr. (Jun 10)
- [OT] common list sense (Re: Even you can be hacked) Paul Jakma (Jun 11)
- Re: [OnTopic] common list sense (Re: Even you can be hacked) Laurence F. Sheldon, Jr. (Jun 11)
- Re: [OnTopic] common list sense (Re: Even you can be hacked) Randy Bush (Jun 11)
- Re: [OnTopic] common list sense (Re: Even you can be hacked) Paul Jakma (Jun 11)
- Re: [OnTopic] common list sense and responsibility Laurence F. Sheldon, Jr. (Jun 11)
- Re: [OnTopic] common list sense and responsibility Andy Dills (Jun 11)
- Re: [OnTopic] common list sense (Re: Even you can be hacked) Valdis . Kletnieks (Jun 11)
- Re: [OnTopic] common list sense (Re: Even you can be hacked) Paul Jakma (Jun 11)