Exodus Customer Security
Bret McDanel
bret at rehost.com
Tue Nov 17 21:46:12 UTC 1998
---Reply on mail from Adam Rothschild about Exodus Customer Security
> FYI-
>
> "There was something with one of our customers, however it was a customer
> machine, and as such, we aren't at liberty to discuss the issue unless
> they specifically allow us to."
> - quoth Exodus
>
> So, in other words, they can't discuss abuse issues with the victim,
> unless the *offender* (client) gives them permission to?
> I'll sleep much better tonight knowing this.
>
I dont have much of a problem with this policy, if law enforcement calls,
they will proly give out the info, if joe blow calls and claims to be a
victim, they have a hard time to prove that joe blow is really a victim,
so they either have to spend payroll $$ on people proving that joe really
is a victim, OR give out info to joe when he may not be a victim (thus
increasing exposure to their customer)..
It wouldnt be that difficult to fake some logs to get info on a certain
customer for whatever reason.. If they have this policy, it protect
exodus from libaility, espically if one of their clients got broken into
and an attack was launched from there (how many companies would see a fall
in their stock or a loss of consumer confidence if the fact they got
broken into was made public??)
It seems to be known that in this instance people were breaking into boxes
and using those boxes as launching pads, what is to say that the exodus
box wasnt also a launching pad? to say that the offender was the client,
may be a bit harsh..
I think I am done ranting for now :)
--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144
These opinions are mine, and may not be the same as my employer
More information about the NANOG
mailing list