My First Denial of Service Attack..... (fwd)

Tersian tersian at leba.net
Tue Oct 8 21:50:05 UTC 1996


> Back to your example.  IMO: The providers would be at a liability risk
> if they did not provide reasonable measures to insure that they did
> not contribute to the damages done to another party.  This is like
> other liabilities where if someone is injured you are at risk unless
> you did everything reasonable to prevent putting other people in harm's
> way.

The only problem I foresee with this is the means for security 
measures. We are talking about corporate America and not the military. 
The only way I can see taking appropriate steps is to come up with a book 
such as the DoD Orange Book (Trusted Systems Security) for commercial 
hosts. 

It would be quite a task to come up with such a book that would take into 
account all the loopholes and liabilities, and even then, who would 
enforce the regulations?


> Given this interpretation, compromised.jumpoff.com would be at
> risk if they could be shown negligent in the administration of their
> site.

I agree, but what if compromised.jumpoff.com was simply lacking the 
manpower or the skills to completely secure their systems to the best of 
current security knowledge? If they believed that they had a secure site, 
and no one could prove that they were negligent (besides not hiring the 
best security consultant available) then who is at fault?


> If they left the door wide open to hackers, IMO they'd be at
> risk.  

How does one do this?

%cat /etc/motd

**************
BrokenOS 2.1 Beta

Hello hackers!

Welcome to compromised.jumpoff.com, please use us for hacking purposes only!

**************

:)))

> If they were warned due to prior incidents and continued to
> leave the door wide open, they'd be very seriously at risk.

And they would also be very stupid :)


The community needs to come up with a set of security standards for different 
types of hosts, whether it be a NAP, a NOC or an IAP or ISP. It needs to be 
comprehensive and contain software and support for early detection and 
audit, as well as wrapping and hacker deterrent mechanisms.



Ben
