Re: A question for the list...

["morning_wood" <se_cur_ity () hotmail com>]

----- Original Message -----
From: "Jimi Thompson" <jimit () myrealbox com>
To: <incidents () securityfocus com>
Sent: Thursday, May 22, 2003 3:39 PM
Subject: Re: A question for the list...
> My contention is that we should be litigating against the people who
> are attacking our networks.  Out with the notion that "they cannot
> help it".  When the patch has been out for year, and very few people
> have applied it, something drastic needs to be changed.   Companies
> will not pay attention to and address this issue adequately until it
> impacts their bottom line.  When some high-up manager doesn't get his
> usual fat bonus because his company had to pay out a large
> settlement, things will start to change and rather quickly.
> --
> Thanks,
>
> Ms. Jimi Thompson, CISSP, Rev.


funny.. when i turn off my power my incoming attacks and attacking systems
no longer exist... neither does the connection to the internet... IT CEASES
TO EXIST AT THAT MOMENT , convict that. I imagine given the ability to run
an OS in ramdisk without the need for any storage ( hence no logs /
records ) on a laptop will quickly catch on with the blackhat elite. Very
simple to impliment with nearly any OS booting from a cd or even a
ramcard... oops, power off. I always thought it was the shopkeepers job to
protect his store... stores in smalltown usa can get by with less frontline
protection than can a site in an area like bighugecity usa, ie: bars on
doors windows etc.. Where I live I have not locked my door to my house in 2
years, and I have never been broken into... 5miles down the road I pack
bfg's , tripplepadlock any mailslot, and prepare for an onslaught of
attacks, muggings.. etc. Do you lock your door? Do you protect your site?
Defence is always a perspective, if mr storekeeper does not know about some
device to enhance his security, is he at fault? Mabey he likes his old store
and realy dont care, or he belives his odds of attack are low, mabey its a
fake shop set up by the feds.. or its an experiment in business.. you can
dream up any hypothisys you want, fact is its a computer, and connected to
the internet.. a public marketplace with both nice neighborhods and
treacherous streets. If your computer in your office fails before you save
you 4 hours of work, are you suing Dell? I dont think so, all this liability
against a voluntary HOBBY is crap. Take the net for what it is... it works
now, it might not work tomorrow, if mr 3rdworld meglomaniac decides to EMP
our asses where will your computer attack lawsuit be??? Wheres the blame??

GIVE IT A FREAKING REST ALREADY

my 2bits...

morning_wood
http://exploitlabs.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html