I wonder if people forget the liability that any organization inherits if they do NOT maintain an above-standard protection scheme for their network/hosts. Misconfiguration of network hosts/machines after being NOTIFIED of an OS flaw or other should deem that organization responsible. Smurf was a great example. Following the postings of actual usable broadcast hosts, most organizations did NOT fix the problem. The vendors were left to deal with the issue. Maybe companies should start hiring clueful people that care about not only their internal infrastructure but the last mile facing their own customers, i.e. all last-mile providers. You can't expect end users to maintain their own machines. They want solitaire.
Rant,
/m

----- Original Message -----
From: "Aaron Gee-Clough" <[EMAIL PROTECTED]>
To: "Full Disclosure List" <[EMAIL PROTECTED]>
Sent: Thursday, May 13, 2004 9:17 AM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started

> Duquette, John wrote:
> > Why not punish all the admins/users who failed to patch their systems in
> > time as well.
>
> Because they didn't break the law. It's really that simple. If you're
> saying that you think there should be a law to force people to patch
> their systems in a timely manner, that's a different issue. (and one
> that will lead to all sorts of unintended problems...think about it for
> a while.)
>
> Aaron
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html