lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: anthony at safferconsulting.com (Anthony Saffer)
Subject: Authorities eye MSBlaster suspect

<snip>
> What did I misconstrue?  You stated that you believed that admins were
> at fault for worm infections.  I quote, "It seems to me that it is each
> admins responsiblity, if they were affected ( infected ) not the coder."


Sorry for just jumping in here but I couldn't resist. Certainly, you have to
admit that there is a such thing as shared responsibility and contributory
negligence. Even the law recognizes these things. Sure, it's the coders
fault for creating and releasing the worm but the administrators do bear
SOME responsibility for not being proactive and patching their systems.
There have been cases of patches being available for 6 months to a year and
a worm coming along and cleaning house. How can anyone say that the admin
isn't partially responsible? Sure, in a perfect world, we wouldn't have to
worry about patching our systems and all would be well. But we don't live in
a perfect world and every computer admin should know how to patch his
system. If he/she doesn't then they shouldn't have their job. There is,
after all, a such thing as preventative action.

Anthony Saffer
SCS Consulting Services
www.safferconsulting.com



Powered by blists - more mailing lists