Re: Even you can be hacked

["Jeff Shultz" <jeffshultz () wvi com>]

** Reply to message from Crist Clark <crist.clark () globalstar com> on
Thu, 10 Jun 2004 14:54:07 -0700

> It would be great if there always was a negligent party, but there is
> not always one. If Widgets Inc.'s otherwise ultra-secure web server gets
> 0wn3d by a 0-day, there is no negligence[0]. Who eats it, Widgets Inc.
> or the ISP?

Just out of curiosity, what was the last 0-Day (not that I've heard of
any, really) that made itself obvious by chewing up tons of bandwidth?
Most of the nasty worms seem to be the ones that either do some
efficient social engineering, or exploit a hole MS patched 6 months
ago. In any case, I expect it would be negotiated on a case by case
basis. But Widgets Inc. would operating from a position of weakness.
Regardless of the circumstances, their systems did use the bandwidth. 

> So how about this analogy: Someone breaks into my house and spends a few
> hours on the phone to Hong Kong. Who eats the bill, me or my LD carrier?
> Neither of us was negligent.

Depends on how nice your LD carrier is - with a police report they
might cut you some slack. Otherwise... how many parents have been stuck
with the bills for their teenage kids $200+ SMS bills?

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train.