At 02:18 PM 2/21/00 -0500, Matthew_S_Cramerat_private wrote: >The people that should be held responsible for this attack, if any, are the >people that allow insecure systems on the internet. So we ought to blame the victim? I have a lot of problem with this approach. So what you're saying is that if I don't install a Lowjack system, and someone puts my car on a tow truck and steals it, that it was my fault for not protecting myself? Next, we can start blaming the people who wrote the software because they're human and make mistakes, too. While we're at it, lets blame everyone except the people who sit there at their keyboard and attack others. Maybe we ought to blame society for raising a bunch of anti-social kids, too. For example, our highways are vulnerable to the pour-oil-off-the-bridge attack. You go pour 50 gallons of motor oil off of a local bridge onto the interstate, and you'll cause a denial of service. So, who should we blame here? a) bridge designers for failing to anticipate the attack, and allowing holes in the fences over the bridge b) motor oil manufacturers for making oil that doesn't prevent its use in this manner c) The shop where the oil was stolen from d) tire manufacturers for making tires that aren't resistant to this e) people who make roads that don't resist this attack f) the people pouring the oil off the bridge I think 'f' is the obvious answer. I didn't mean to go off on a rant (and don't mean anything personal), but this one point really makes me irate. A lot of my job is trying to get people to apply patches, correct misconfigurations, etc. The vast majority of them had no idea that there was a problem. It is obviously prudent to check your systems, and stay up to date on patches, but assigning blame to the owners of the system is wrong in most cases. David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:46 PDT