I find it rich that someone who takes their time to design and execute a DDoS on a commercial interest should use the word "fair" to describe the way they wish to be treated. Were their actions fair to the IT pers who design, build and maintain the affected networks? Is it fair that people who do honest, dedicated work to support their families are attacked by someone soley motivated by the thrill of vandalism? What is fair is that these folks are required to make the DDoS vics whole. Fine the little cowards an amount equal to the projected lost revenue averaged over the last several months- 1 day lost = 1/30th of the last month's revenue. Now add punative damages. How about sharing a cell with "Bubba" for a few weeks? Let them feel what it is like to be vandalized. Poor little criminals. MJ -----Original Message----- From: Ryan Russell [mailto:ryanat_private] Sent: Wednesday, February 16, 2000 1:39 PM To: Philip J. Koenig Cc: firewall-wizardsat_private Subject: Re: Recent Attacks > > You mean Mitnick? Yes. > As far as I can see, the figures that were thrown > around supposedly putting a price tag on the 'damage' he did were > pure unfounded fantasy. Yes! As is the 1.2B dollar amount for a few hours each for several e-commernce companies. It's not (IMO) fair to try to charge for potential lost customers. There's no way to tell exactly how much business would have been done, whether the customers came back later to buy the same item, etc.. One of the few things that is fair to charge for damages in such cases is investigation time. If the witch hunt continues for a few more weeks are the current levels, we might burn 1.2B. One of the many things that needs to be fixed with the current security situation is that we don't have a fair, or even agreeed upon, way to tally damages. Ryan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:09 PDT