Re: How hackers cause damage...

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2006-03-03 Craig Wright wrote:
> In reply to Ansgar Wiechers
> > > How do you propose to fix vendor issues.
> >
> > Sue them. After all you paid them money.
>
> So in cases where life has been lost, it is ok as long as there is
> remedy in tort? The life is less important that the monetary cost?

That's pretty obvious, because if life was more important, measures
would have been taken *before* an incident could have happened, don't
you think?¹

[...]
> > So? Any connection can be secured. Lack of skills is no excuse
> > whatsoever as there are skilled people out there who can be hired.
>
> Do you have the faintest idea of Risk. The cost of security is inverse
> to the amount of security. You want 100% security you pay more than
> the cost of the item to be secured. I suggest that you get a little
> training on risk. Learn that there are financial costs to security.

Take your uppity and stick it where the sun doesn't shine, will ya? I
wasn't talking about achieving 100% security, but about moving away from
having 0% security at all. And I'm pretty sure my grasp on risk and
costs of security isn't that much worse than yours. However, I most
definitely do not share your opinion that there are too few clueful
people out there. It's just that there are too many clueless people.


[ Networks being insecure nowadays ]

Tell news. However, prosecuting people who exploit these insecurities
doesn't change anything about the vulnerabilities being there and also
doesn't change anything about people exploiting them. I said it before,
and I'm going to repeat it here because you obviously failed to get my
points:

- I DO NOT believe that cluelessness should be protected by the law.
- I DO NOT believe that a law will prevent bad things from happening.
- I DO believe that proper security measures WILL prevent bad things
  from happening.

That suggests a certain course of action. IMnsHO.

Regards
Ansgar Wiechers

¹ sarcasm may be kept by the finder
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------