[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002f01c43918$9fa7a920$f001a8c0@woah>
From: micah at style.net (Micah McNelly)
Subject: Support the Sasser-author fund started
I wonder if people forget the liability that any organization inherits if
they do NOT maintain a above standard protection scheme for their
network/hosts. Misconfiguration of network hosts/machines after being
NOTIFIED of a OS flaw or other should deem that organization responsible.
Smurf was a great example. Following the postings of actual usable
broadcast hosts, most organizations did NOT fix the problem. The vendors
were left to deal with the issue. Maybe companies should start hiring
clueful people that care about not only their internal infrastructure but
the last mile facing their own customers. IE. All last mile providers.
You can't expect end users to maintain their own machines. They want
solitaire.
Rant,
/m
----- Original Message -----
From: "Aaron Gee-Clough" <lists@...lef.net>
To: "Full Disclosure List" <full-disclosure@...ts.netsys.com>
Sent: Thursday, May 13, 2004 9:17 AM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
> Duquette, John wrote:
> > Why not punish all the admins/users who failed to patch their systems in
> > time as well.
>
> Because they didn't break the law. It's really that simple. If you're
> saying that you think there should be a law to force people to patch
> their systems in a timely manner, that's a different issue. (and one
> that will lead to all sorts of unintended problems...think about it for
> a while.)
>
> Aaron
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists