
Comment Re:Outside the U.S. (Score 1) 244

Funny, still: the one time in a corporate environment I had to assist in tracking a cracker (not a hacker; I've been hacking for 20 years and I've not yet been into a box via illegal means), he was from Texas. But then again, a lot of people wonder just how connected the US and Texas really are.

That aside, I will say one thing. Our ISP was being DDoS'd heavily (small ISP) because they hosted a Linux security site. So I picked up the phone and called the FBI, because the supplier of our T1s and T3s wouldn't talk to us about the problem. (Pre-9/11, btw.) They had one question for me: did the damage exceed 5,000 US, and could I document it? I said yes, I did, and about 24 hours later I got a panic phone call from a major supplier of T1s etc. in our area calling to find out why I sent the FBI after them. I didn't directly, but since the zombie boxes used in the attack (which we had documented and logged) were primarily in their house, they were hosed bad. For months they refused to assist us. 24 hours after a call to the Feds, they suddenly had a policy for handling the problem. It's amazing what having the FBI walk in with warrants to confiscate about 100 servers will do to change someone's attitude.

My rather belabored point is that just doing the math is not enough. Until people start taking a legal stand against these people, we won't be able to control the problem. Nothing will ever eliminate it. But it dang sure can be quelled. That includes, IMHO, holding the feet of the manufacturers of some products to the fire as far as product liability goes. Anyone can have a car accident. But the auto manufacturers are held to task for a reasonable level of safety. The vehicles are tested and the tests are public.

A lot could be said for allowing users choices of safety in the software they run as well. Product testing for security, etc. Choices of OS with clear and understandable risks known to the consumer will help. Allowing the user to choose even something as simple as having his/her new box come with SP2 pre-installed would help. Shouldn't Dell be held liable for selling boxes that get cracked faster than the consumer can download the security patch? The legal concept of reasonable and prudent would apply to the home user as well. When the OS provides the means to automatically feed security updates to them, and they refuse this and fail to be diligent in doing it manually, they too should have some liability. Just as when driving a car on ice, doing 65 mph in a 65 mph zone may be legal but hardly reasonable and prudent, thereby negating others' liability if I have an accident.
