On Wed, 27 Jun 2007 22:01:33 CDT, Dennis Henderson said: > Can anyone explain how getting pnwed by a keylogger or a trojan is not their > fault? Do we have to argue what "fault" is? I hope not, becuase that could > take days... :)
Hmm.. there was a bunch of Italian websites serving up exploits pretty recently. Who's fault is it if you visit some presumably trustable and legitimate website that you've been visiting for *years*, and that morning they got hacked and send your copy of IE an exploit for a yet-unpatched vulnerability? Or even better - a 3rd party site that does banner ads and the like is the one that got hacked. So you visit www.snopes.com, and you find out the hard way that www.burstnet.com was pwned. Care to explain to me how *THAT* is the fault of any Joe Sixpack? Remember that if you say it's their fault, you *also* need to provide *workable* advice on how they were supposed to prevent it. Good luck explaining noscript.net to Joe Sixpack, let me know how that works out for you... > Does anyone have the balls to admit that they have been pwned thru no fault > of their own? I would love to hear that story. There's this security person by the name of Raven Adler. I suggest you ask her who's fault it was she got nailed by a MacOSX 0-day in front of everybody, and how things turned out when she went to talk to Apple about it...
pgpjoNNzNF3tx.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
