nanog mailing list archives
Re: Level3 routing issues?
From: Scott Francis <darkuncle () darkuncle net>
Date: Mon, 27 Jan 2003 01:57:40 -0800
On Sat, Jan 25, 2003 at 06:51:01PM +0000, steve () telecomplete co uk said:
True altho it does appear to affect MS more so than it ought to even considering their market lead.What evidence do you have here? If I count the number of DDOS attacks from insecure Linux boxes that we've seen in the last year, I'd say that its on par.I think you are on the right lines below in suggesting that products and services should be supplied safe and not require additional maintenance out of the box to make them so (additional changes should make them weaker)
"secure by default" is a wonderful goal that has, to date, failed to reach very many vendors, either commercial or otherwise. As the number of hosts connected to the Net continues to rise, and as broadband continues to spread, we can expect to see the damage caused by insecure software grow. When the damage reaches a certain critical mass (whatever that may be; I thought we'd have reached it already), those who are coughing up millions of dollars (if not now, that figure will certainly be realistic very soon) to deal with the effects of insecure software will eventually stop accepting this as merely "the way things are". At that point, the lawyers will get involved, and there will be a change in the way software liability is viewed, and a resulting change in the focus from vendors (commercial ones, anyway). ==== When the costs of releasing insecure and buggy software exceeds the profit from doing so, vendors will make security a priority. Not before. ==== (As far as free/open software goes ... figuring liability there could be significantly more tricky, if the lawyers decided it was worth it at all. Microsoft, for instance, makes a much more lucrative target (and a better public lesson) than suing, say, the Apache Group. Most commercial software licenses declaim any and all responsibility, as do their GPL/BSD counterparts, but commercial entities are easier to chase down legally.) IANAL, nor am I a fortune teller. I also admit to far less operational experience than most of the folks on this list. This is what I see coming. I suppose time will tell whether I'm a crackpot or a visionary. :) -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui
Attachment:
_bin
Description:
Current thread:
- Re: Level3 routing issues?, (continued)
- Re: Level3 routing issues? Neil J. McRae (Jan 25)
- Re: Level3 routing issues? Scott Francis (Jan 27)
- Re: Level3 routing issues? Grant A. Kirkwood (Jan 25)
- Re: Level3 routing issues? Jack Bates (Jan 25)
- Re: Level3 routing issues? Neil J. McRae (Jan 25)
- Re: Level3 routing issues? Stephen J. Wilcox (Jan 25)
- Re: Level3 routing issues? Neil J. McRae (Jan 25)
- Re: Level3 routing issues? Stephen J. Wilcox (Jan 25)
- Re: Level3 routing issues? Rafi Sadowsky (Jan 25)
- Re: Level3 routing issues? Stephen J. Wilcox (Jan 25)
- Re: Level3 routing issues? Scott Francis (Jan 27)
- Re: Level3 routing issues? Avleen Vig (Jan 25)
- Re: Level3 routing issues? Christopher L. Morrow (Jan 25)
- Re: Level3 routing issues? Avleen Vig (Jan 25)
- Re: Level3 routing issues? Marc Slemko (Jan 25)
- worm design (Re: Level3 routing issues?) E.B. Dreger (Jan 25)
- Re: Level3 routing issues? Neil J. McRae (Jan 25)
- Re: Level3 routing issues? Bill Woodcock (Jan 25)
- Re: Level3 routing issues? Avleen Vig (Jan 25)
- Re: Level3 routing issues? K. Scott Bethke (Jan 25)
- Re: Level3 routing issues? Christopher L. Morrow (Jan 25)