lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <74D43BE60F22AC44A7F33AD0D88B69210303E632@ILCHICVEXC006.mail.inthosts.net>
From: david.c.maynard at xo.com (Maynard, David C)
Subject: Need contact in the BTOPENWORLD.COM security department

Richard is having the same problem I am having with Comcast I have sent
numerous emails to abuse@...cast.net and even spoken to Security at
Comcast on phone to remove a client on there network for over a week and
they still have not done so.

What would there liability be for not responding to the problem in a
quicker an immediate manner?

David

-----Original Message-----
From: Montana Tenor [mailto:montanatenor@...oo.com] 
Sent: Thursday, August 28, 2003 12:36 PM
To: Richard M. Smith
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Need contact in the BTOPENWORLD.COM
security department


Hi Richard,

This brings to light an issue I have been wondering
about for a while. I have no specific insight into
this, however, I feel that perhaps this may be an
interesting topic to some.

If my machine gets comprimised because I fail to
properly patch it, and then it becomes infected and
then launches some attack, why am I not held liable. 
Perhaps you might think intent.  I had no intent to
harm anyone else. What about negligence?  Was I not
negligent in refusing to update my machine.  I have
heard many discussions on this list and others about
how MS should be held accountable for writing bad
code(I agree), how the A.V. vendors should be held
accountable for programs tha run away and send
millions of emails(I agree)...nobody is ever talking
about the individual user taking responsibility for
not following what some would consider common sense
rules.  Consider the following:

If I see on the news that a recall is in effect for
the brakes on my car and I refuse to bring the car in
and get it serviced.  Then I'm driving along and all
of a sudden I cannot stop.  I crash into several
vehicles, maybe some people..who knows.  When I get
out of the hospital, can I not be sued for negligence.
 I was aware of the recall, I was notified and
informed as to the danger involved but I slacked off
and didnt fix the brakes.  While the brake
manufacturer should be held accountable for making
such a crappy product that could wind up killing
people, shouldnt I also be held accountable for my
inaction.

Ok, as relates to real world situations, if my machine
is infected and its during the 0day to 1week time
frame that a patch has not yet been made to counteract
this specific vuln/hole and my machine runs wild then
am I negligent, probably not.  If its one month after
a patch is released and still I dont patch and as a
result of this my machine infects 10,000 other
machines, am I not at some fault.  The easy way out is
to just swear at the guys at MS for creating bad code.
 What about people taking the responsiblity?  

So we get to this post below.  Richard is attempting
nicely to get this box offline so as to stop what
could be a loss of millions of dollars from its
actions.  If you were to calculate the damage that
just one machine can do by compounding it over all the
machines it infects and the ones they infect and so
on...its amazing to consider.  

I suppose you all may tear into this post for being
off topic, I just would simply like to know what has
happened to people taking responsibility for things. 
Maybe some way of making negligent people accountable
for their inaction would help curve this sorry state
of affairs we are in.  How it this accomplished, gosh
I have no clue...maybe you do?

Cheers,
Matt

--- "Richard M. Smith" <rms@...puterbytesman.com>
wrote:
> Hello,
> 
> Does anyone have an email address for a live human
> being who works in
> the BTOPENWORLD.COM security department?  I've been
> trying for days now
> to get the company to disconnect a customer from the
> Internet who is
> infected with Sobig.F.  In the last 12 hours the
> situation has gotten
> out of hand with the customer's computer sending me
> and others Sobig
> every 30 seconds for hours on end.
> 
> The IP address of the infected computer is:
> 
> Received: from
> host217-34-21-140.in-addr.btopenworld.com (HELO PC7)
> (217.34.21.140)
> 
> Thanks,
> Richard M. Smith
> http://www.ComputerBytesMan.com

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ