lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: micah at style.net (Micah McNelly)
Subject: Support the Sasser-author fund started

I wonder if people forget the liability that any organization inherits if
they do NOT maintain a above standard protection scheme for their
network/hosts.  Misconfiguration of network hosts/machines after being
NOTIFIED of a OS flaw or other should deem that organization responsible.
Smurf was a great example.  Following the postings of actual usable
broadcast hosts, most organizations did NOT fix the problem.  The vendors
were left to deal with the issue.   Maybe companies should start hiring
clueful people that care about not only their internal infrastructure but
the last mile facing their own customers.  IE.  All last mile providers.
You can't expect end users to maintain their own machines.  They want
solitaire.

Rant,

/m

----- Original Message -----
From: "Aaron Gee-Clough" <lists@...lef.net>
To: "Full Disclosure List" <full-disclosure@...ts.netsys.com>
Sent: Thursday, May 13, 2004 9:17 AM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started


> Duquette, John wrote:
> > Why not punish all the admins/users who failed to patch their systems in
> > time as well.
>
> Because they didn't break the law.  It's really that simple.  If you're
> saying that you think there should be a law to force people to patch
> their systems in a timely manner, that's a different issue.  (and one
> that will lead to all sorts of unintended problems...think about it for
> a while.)
>
> Aaron
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ