Compromised machines liable for damage?
Richard A Steenbergen
ras at e-gerbil.net
Thu Dec 29 07:33:09 UTC 2005
On Wed, Dec 28, 2005 at 11:17:11PM -0500, Barry Shein wrote:
>
> To beat a dead horse just a little harder the problem I have is when a
> certain company kept distributing software with security flaws
> specifically because they're profiting from those flaws.
>
> For example, graphics libraries which accept binary code chunks to be
> executed in kernel mode without limits for support of quick screen
> updates in games considered of marketing importance. Blaming it on the
> games vendors seems inadequate, particularly over several years and
> releases of each.
>
> That's just pure economics and, hence, profiting on others' serious
> pain.
And yet, I'd bet $10 that:
* They know this.
* They are just implementing what their customers demand.
* They accept that allowing direct access in order to obtain performance
at the experience of security is a necessary model in a wide variety of
situations, particularly gaming.
* They don't give a flying crap what a bunch of perceived whining kooks on
NANOG think about that tradeoff. God knows, I wouldn't. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the NANOG
mailing list