Re: [ISN] Italian Police Nab Hacker Group

From: InfoSec News (isnat_private)
Date: Thu Jan 17 2002 - 23:11:23 PST

Next message: InfoSec News: "Re: [ISN] Italian Police Nab Hacker Group"

Previous message: InfoSec News: "Re: [ISN] Re: SANS Top 20 Vulnerability List Updated"
Maybe in reply to: InfoSec News: "[ISN] Italian Police Nab Hacker Group"
Next in thread: InfoSec News: "Re: [ISN] Italian Police Nab Hacker Group"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Russell Coker <russellat_private>
Cc: leonat_private

On Thu, 17 Jan 2002 11:01, InfoSec News wrote:

> Forwarded from: leon <leonat_private>
>
> I would like to say that anytime a website gets defaced there are
> always monetary damages.  There are always qualitative damages
> that are hard to put a dollar figure on.  If a customer goes to
> the gap website and finds it defaced are they going to feel
> comfortable doing business with them over the web?  Also the
> webservers admin probably gets fired or reprimanded and some might
> just not know how to secure their webservers.  Ignorance doesn't
> beg or justify attack.

If the system administrator gets fired then that would be great!  I
think that most companies suffering security breaches should sack
their administrators.

Most security problems are caused by using ancient versions of
software that is well known to be insecure.  If that is found to be
the case then the person responsible should be sacked.  Also this
should be published as an incentive for other administrators to do
their job properly.

Some people say that this is harsh on poor administrators who don't
have time for security.  However I have never seen an administrator
who truely lacked time, but I have seen many administrators who were
too lazy to do their job properly.

> The fact that these kids are going to get off with just a slap on
> the wrist does not seem fair.  What do other people think?

For the 15yo's it's fair.  For the adult members of the group, it's
difficult to determine, the judge makes a sentence taking all factors
into account - which is more than what gets reported in email.  If
someone wanted to translate all the court documents into English and
post them on the web (court results are generally public) then perhaps
we could arrange a "trial by email".

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "Re: [ISN] Italian Police Nab Hacker Group"
Previous message: InfoSec News: "Re: [ISN] Re: SANS Top 20 Vulnerability List Updated"
Maybe in reply to: InfoSec News: "[ISN] Italian Police Nab Hacker Group"
Next in thread: InfoSec News: "Re: [ISN] Italian Police Nab Hacker Group"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 08:28:44 PST