RE: [Full-Disclosure] Need contact in the BTOPENWORLD.COM security department

From: Maynard, David C (david.c.maynard_at_xo.com)
Date: 08/28/03

    To: "Montana Tenor" <montanatenor@yahoo.com>, "Richard M. Smith" <rms@computerbytesman.com>
    Date: Thu, 28 Aug 2003 14:22:05 -0400
    
    

    Richard is having the same problem I am having with Comcast. I have sent
    numerous emails to abuse@comcast.net and even spoken to Security at
    Comcast on the phone to remove a client on their network for over a week, and
    they still have not done so.

    What would their liability be for not responding to the problem in a
    quicker and more immediate manner?

    David

    -----Original Message-----
    From: Montana Tenor [mailto:montanatenor@yahoo.com]
    Sent: Thursday, August 28, 2003 12:36 PM
    To: Richard M. Smith
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] Need contact in the BTOPENWORLD.COM
    security department

    Hi Richard,

    This brings to light an issue I have been wondering
    about for a while. I have no specific insight into
    this, however, I feel that perhaps this may be an
    interesting topic to some.

    If my machine gets compromised because I fail to
    properly patch it, and then it becomes infected and
    then launches some attack, why am I not held liable?
    Perhaps you might think intent. I had no intent to
    harm anyone else. What about negligence? Was I not
    negligent in refusing to update my machine? I have
    heard many discussions on this list and others about
    how MS should be held accountable for writing bad
    code (I agree), how the A.V. vendors should be held
    accountable for programs that run away and send
    millions of emails (I agree)...nobody is ever talking
    about the individual user taking responsibility for
    not following what some would consider common sense
    rules. Consider the following:

    If I see on the news that a recall is in effect for
    the brakes on my car and I refuse to bring the car in
    and get it serviced. Then I'm driving along and all
    of a sudden I cannot stop. I crash into several
    vehicles, maybe some people...who knows. When I get
    out of the hospital, can I not be sued for negligence?
    I was aware of the recall, I was notified and
    informed as to the danger involved but I slacked off
    and didn't fix the brakes. While the brake
    manufacturer should be held accountable for making
    such a crappy product that could wind up killing
    people, shouldn't I also be held accountable for my
    inaction?

    Ok, as relates to real world situations, if my machine
    is infected and it's during the 0day to 1week time
    frame that a patch has not yet been made to counteract
    this specific vuln/hole and my machine runs wild then
    am I negligent? Probably not. If it's one month after
    a patch is released and still I don't patch and as a
    result of this my machine infects 10,000 other
    machines, am I not at some fault? The easy way out is
    to just swear at the guys at MS for creating bad code.
    What about people taking the responsibility?

    So we get to this post below. Richard is attempting
    nicely to get this box offline so as to stop what
    could be a loss of millions of dollars from its
    actions. If you were to calculate the damage that
    just one machine can do by compounding it over all the
    machines it infects and the ones they infect and so
    on...its amazing to consider.

    I suppose you all may tear into this post for being
    off topic, I just would simply like to know what has
    happened to people taking responsibility for things.
    Maybe some way of making negligent people accountable
    for their inaction would help curb this sorry state
    of affairs we are in. How is this accomplished? Gosh,
    I have no clue...maybe you do?

    Cheers,
    Matt

    --- "Richard M. Smith" <rms@computerbytesman.com>
    wrote:
    > Hello,
    >
    > Does anyone have an email address for a live human
    > being who works in
    > the BTOPENWORLD.COM security department? I've been
    > trying for days now
    > to get the company to disconnect a customer from the
    > Internet who is
    > infected with Sobig.F. In the last 12 hours the
    > situation has gotten
    > out of hand with the customer's computer sending me
    > and others Sobig
    > every 30 seconds for hours on end.
    >
    > The IP address of the infected computer is:
    >
    > Received: from
    > host217-34-21-140.in-addr.btopenworld.com (HELO PC7)
    > (217.34.21.140)
    >
    > Thanks,
    > Richard M. Smith
    > http://www.ComputerBytesMan.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
