[ale] AT&T Broadband blocking inbound http?

Jonathan Rickman jonathan at xcorps.net
Thu Aug 9 10:31:20 EDT 2001


On Thu, 9 Aug 2001, Wandered Inn wrote:

> SAngell at nan.net wrote:
> >
> > I wonder at what point we will begin to hear talk of liabilities being imposed
> > on those individuals who refuse to perform maintenance on the machines that are
> > still left un-patched.

Bite your tongue. The situation is bad enough without an army of lawyers
contributing to the confusion.

> I think it should be handled like a recall.  The CREATOR of the
> DEFECTIVE product should be responsible for correcting the problem as
> well as liable for damages, prior to the recall.

That's probably not a very good idea. A very limited number of players have the
financial resources to handle that sort of thing. What happens when the next
Apache, Samba, [insert any other open source package] bug is discovered? Will
every developer that ever worked on it be held liable or just the company...oh
wait, what company? Guess we'll have to sue the developers...

> If the brakes on my car fail and I have a wreck because of a defective
> design, the automobile manufacturer would be found at fault.  Look at
> the recent Ford/Firestone fiasco.

Apples and Oranges. Code Red isn't killing anyone, and contrary to what many
are claiming...it isn't costing billions of dollars either. The businesses who
experienced downtime due to the worm have nobody to blame but themselves for not
patching. If somebody claims they lost business 'cause their DSL connection was
flooded...gimme a break. You're running a business. Number one...get a decent
SLA and hold the provider to it. They're the ones with the resources to stop it.
Number two...if it's that critical, you should have some redundancy. If you
can't afford redundancy then you aren't making enough money to justify the
overblown damage estimates that you are feeding everyone in the first place.
This Code Red thing is a fairly major problem, yes. But it's not the end of the
world, contrary to what some in the media would love to keep us believing.


--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list