Steven wrote:

> In-Reply-To: <3EC6C60E.1070706at_private>
>
> A fun thread, indeed.

Indeed

> Some elements to consider -
>
> a) Current inter-network is based on the assumption of competence.
> If you offer a service on an external NIC,

snip for space (sfs)

> You telnet to some.com. No tricks, no hacks, no nada. Username: Guest.
> Password: [blank]. You get a shell.
>
> Should you be there?

With you so far

> b) (Yep, this one's bounds check, but...) Admin of a machine had ample
> time and opportunity to mitigate an exploit vector, but didn't. His box
> gets exploited. The competence element implies that he intended that an
> exploit using that vector should occur,

I don't think this is fair. To wit; I engage in social interaction every day. Meeting strangers at the counter at the local convenience store does not imply that I accept a violent mugging, robbery, et al even though I was aware that the potential for this exploit existed and I was in a common area.

(sfs)

> any usage of that vector (and anything
> resulting from it) to be acceptable,

I don't think this is so. I think the logic fails. Just because my wallet is in my pocket doesn't make it okay for "guest" to take, even though the pocket is pretty much accessible to anyone in the physical "net" of my immediate space.

> On the other hand, if the admin claims no responsibility for the exploited
> behavior, then he has implicitly denied having any authority over it.

I concur here.

Overall, as you said, interesting thread.

--
|"Reality must take precedence over public relations,
|for nature cannot be fooled."
| --Richard P. Feynman

Chip Mefford, generalist
cmeffordat_private
AVWashington
1 Export Drive
Sterling, VA 20164-4421
tel 703.404.8900 fax 703 404.8940
www.avwashington.com
Our fourth decade.
avitecture (sm): audiovisual systems for architecture
This archive was generated by hypermail 2b30 : Wed May 21 2003 - 09:25:34 PDT