On Fri, Sep 21, 2001 at 04:44:42PM -0400, Douglas J. Hunley wrote:
...
>Sue Microsoft for negligence.
>
>"But they issued patches for these exploits," you say.
>
>Yes, but they kept selling freshly pressed OS CD's that were still
>defective. I.e., they refused to recall and re-press product that
>they acknowledged (presumably this is where the lawyer would argue
>about "reasonable consumers" or some such) through patches and
>advisories was defective.
An excellent example to show that responsible vendors will pull a CD from
circulation and replace it when a major security flaw is found was a
release of SCO OpenServer several years ago. I was in the beta program for
this release, and when I got my FCS (First Customer Ship) CDs I installed
them on a local system. My first security checks showed a minor problem,
``/`, and all the system directories had 777 permissions (the default for
Win9x)! I immediately sent an e-mail to several of the top people at SCO
including Doug Michels, and they IMMEDIATELY recalled all the media kits
they had shipped delaying the release several weeks.
...
> -> one guy has 55,000 logged Nimda hits on one of his colo'd servers, and
> I believe that's unique combined hits (i.e., at ~16 requests per hit), easy
> enough to verify).
That's easy to believe. Our router (a Linux box) was logging attempts to
connect to unused subnets in the two class Cs we have here. I had to turn
off logging these rejections in ipchains because our logs were growing
3.5MB about every fifteen minutes!
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
Intaxication: Euphoria at getting a refund from the IRS, which lasts until
you realize it was your money to start with.
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
