On Fri, Jul 02, 2004 at 10:45:03AM -0700, Russ Johnson wrote: > >It really isn't different. > >Attaching your address to your keys is just as stupid. > >I'm sick of the American trend of always blaming someone else > >for one's own stupidity. > > > However, it does not make the act of B&E any less illegal.
Again, the word "solely" should have been in the message somewhere. > No matter how stupid one is, the criminal is still responsible for their > own actions, and should be held accountable. Even when the root password > for the server is stenciled on the keyboard. The point being that the responsibility is not solely their own. Indeed, at a local company, the network was down for a couple of weeks because the system was under attack of some sort. Turns out the reason the attack was possible (this was NT here) was that the server was unpatched--admin said he only applied patches once a month because it was too hard to keep up with them otherwise. He lost his job. He was determined to share responsibility for the attack by not applying a two-week-old patch which would have prevented it. A day or maybe two later, he might not have been, but he was a professional and he left a system unpatched for two weeks. The attacker was still attacking the system, but the admin made it possible--indeed trivial. A bank using Windows on an ATM is just as responsible for security problems associated with using it as anyone causing those problems because it's patently STUPID to use Windows on a financial securely-critical machine. It doesn't take a whole lot of imagination to see why some custom system not in common usage outside of the field would be better. No, not security through obscurity, just simply not using something with a whole bunch of frequent security vulnerabilities and a codebase you don't have access to for an audit. _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug
