[Dshield] DCOM morning after

Darren Gasser kaos at earthlink.net
Tue Aug 12 21:27:51 GMT 2003


Brenden Walker wrote:

> I have a feeling that some of these ISP's who don't seem to care
> about it,
> may care when they get sued by a company that was attacked.  I'm not
> sure
> how probable it would be, but I'm sure somewhere along the line some
> lawyer
> will do it.. If they haven't already?

Bruce Schneier has been speculating about product liability for security
breaches in his newsletter for some time.  So far Microsoft and the big
telcos have managed to avoid any liability, but I suspect their time may be
coming.

On the other hand, ISPs and transit providers tend to write contracts that
say that they're just providing a pipe and not warranting its safety or
usability in any way.  Hosting providers may be more inviting targets, since
it would be much easier to argue negligence if their systems or networks
were compromised.

-Darren




More information about the list mailing list