Re: [Full-Disclosure] Support the Sasser-author fund started
From: Harlan Carvey (keydet89yahoo.com)
Date: Thu May 13 2004 - 15:09:53 CDT
> I wonder if people forget the liability that any
> organization inherits if
> they do NOT maintain an above standard protection
> scheme for their network/hosts.
What kind of liability are you talking about? Social?
I'm not aware of any legal liability that's been
tested here in the US.
For example, are you aware of any cases in which
Company A has sustained damage (loss of revenue in
production time, data, or stock dropping due to drop
in customer confidence...) b/c a bad guy broke into
Company B, and used those systems as stepping stones
into Company A?
> Misconfiguration of network hosts/machines after
> NOTIFIED of an OS flaw or other should deem that
> organization responsible.
Ah...there's the key..."should". Unfortunately, it
just isn't the case.
> Maybe companies should start hiring
> clueful people that care about not only their
> internal infrastructure but
> the last mile facing their own customers.
At what level? I just left a company where the CIO
had the *only* security type doing clerical work. The
security weenie was knowledgeable enough and
conscientious enough...but was too busy to even review