Forwarded from: Russell Coker <russellat_private> Cc: leonat_private On Thu, 17 Jan 2002 11:01, InfoSec News wrote: > Forwarded from: leon <leonat_private> > > I would like to say that anytime a website gets defaced there are > always monetary damages. There are always qualitative damages > that are hard to put a dollar figure on. If a customer goes to > the gap website and finds it defaced are they going to feel > comfortable doing business with them over the web? Also the > webservers admin probably gets fired or reprimanded and some might > just not know how to secure their webservers. Ignorance doesn't > beg or justify attack. If the system administrator gets fired then that would be great! I think that most companies suffering security breaches should sack their administrators. Most security problems are caused by using ancient versions of software that is well known to be insecure. If that is found to be the case then the person responsible should be sacked. Also this should be published as an incentive for other administrators to do their job properly. Some people say that this is harsh on poor administrators who don't have time for security. However I have never seen an administrator who truely lacked time, but I have seen many administrators who were too lazy to do their job properly. > The fact that these kids are going to get off with just a slap on > the wrist does not seem fair. What do other people think? For the 15yo's it's fair. For the adult members of the group, it's difficult to determine, the judge makes a sentence taking all factors into account - which is more than what gets reported in email. If someone wanted to translate all the court documents into English and post them on the web (court results are generally public) then perhaps we could arrange a "trial by email". -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 08:28:44 PST