Re: Even you can be hacked

[Andy Dills <andy () xecu net>]

On Thu, 10 Jun 2004, Crist Clark wrote:

> > Change the word "victim" to "negligent party" and you're correct.
>
> It would be great if there always was a negligent party, but there is
> not always one. If Widgets Inc.'s otherwise ultra-secure web server gets
> 0wn3d by a 0-day, there is no negligence[0]. Who eats it, Widgets Inc.
> or the ISP?

That's between the customer and Widgets Inc. The ISP is certainly not
legally obligated to eat the cost of the bandwidth. They may choose to do
so in the interest of furthering the business relationship, but that only
covers so many bits.

> So how about this analogy: Someone breaks into my house and spends a few
> hours on the phone to Hong Kong. Who eats the bill, me or my LD carrier?
> Neither of us was negligent.

Keep in mind, this guy's ISP, like many (most?) ISPs would do, gave the
guy a serious break on the first jaw-dropping bill.

But if you're the phone company, and a customer mysteriously has somebody
break into their house month after month to call Hong Kong for a few
hours, do you really think they're going to keep voiding those charges?
Clearly the customer is negligent, even if another party is directly
responsible.

Speaking for Xecunet, we offer both capped and metered billing packages,
and we always make a point of offering customers a capped solution when
something like this happens. If they decline, we make sure they understand
that in the future they will be liable for 100% of the packets coming from
their port, regardless of the circumstances. Maybe we should start putting
this in writing, but it hasn't really been a problem.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---