To begin, don't think I'm happy offering any defense to M1. In fact, I am
VERY anti-M1. Every couple months they alter my basic ($8.50) channel line
up, pulling another "real" channel out of the mix and giving me more
shopping/religious/ethnic channels. I have no say in this change. It is
being done for the single reason of getting people to upgrade basic service
(their next cheapest package is almost $30/month). And because of the
monopoly situation of cable I cannot go elsewhere. I have no reason to look
at satellite because I am trying to get a decent CHEAP package...I only
watch a maximum of 3 hours of tv / week...I just liked being able to select
some of that viewing time from Discover / History / TLC, etc. That said, I
don't think that M1's steps in this situation are anything less than should
be expected. Let me shine a different light on Warren's example:
A thief steals your car because you left it parked on the street, unlocked
and with keys in ignition (the best analogy I can think of for an out-of-the
box Linux install connected to the net). The thief uses your car as a
getaway vehicle for a bank robbery (more analogous to the computer crime
than manslaughter is). You are initially questioned, but determined that
you are not responsible. The next week, that thief comes back and takes
your car again because you STILL have it parked on the street, you STILL
have the doors unlocked, and you STILL leave the keys in the ignition. The
car is again used to commit a crime. You are not responsible for the crime
but the police will probably determine that you are responsible for
SOMETHING. After all, who's to say you were not good friends w/ the thief
and left your car available in exchange for a cut of the loot. Likewise,
how does M1 know that you are not purposefully leaving your system sitting
ready w/ all tools open so that a friend of yours can use it as a cracking
base-of-operations and if it gets tracked back, you can claim "It's not my
fault...my system was cracked!"
0.02
-Larry
> -----Original Message-----
> From: Mansur, Warren [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 1:14 PM
> To: Greg Kettmann; David Roberts
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: A story and some advice.
>
> I suppose everyone has a different opinion on this, so I figure I might
> as well share mine :-)
>
> If a thief breaks into my car, and then uses it to run over and kill 10
> people, am I responsible for the death of those 10 people? The police
> may at first suspect me because my car was used, but as soon as they
> find out my car was stolen and someone else did the killing, I will be
> absolved of all charges.
>
> Similarly, if someone breaks into my computer, and then uses it to hack
> into other systems, scan other systems, spread viruses, etc . . . , am I
> responible for the hacking, scanning, or viruses? Again, your internet
> provider may at first suspect you because it was your computer that
> committed the crimes. But, as soon as they find out it wasn't you, how
> can they say it's your fault?
>
> Nothing works this way in life. If I own a hammer, and someone uses my
> hammer to kill somebody, am I a murderer? If I own a crowbar, and
> someone uses my crowbar to break into a house, do I become a thief? If
> I own a computer, and someone uses my computer to hack into other
> systems, do I become a hacker?
>
> The obvious answer is "no way".
>
> Ownership by itself does not imply guilt.
>
> Therefore it is my opinion that AT&T cannot say that you are a hacker
> based only on the fact that your computer has been involved in some
> illegal activities, and their policy to permanently turn off your
> service is basically ridiculous. There are other alternatives such as
> tracking down the hacker or providing help with some type of firewall
> service.
>
> That's my opinion. I'm sure there are 50 others :-)
>
> -Warren
>
> -----Original Message-----
> From: Greg Kettmann [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 12:42 PM
> To: David Roberts
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: A story and some advice.
>
>
> Folks: First, I really appreciate all the feedback. Most has been
> excellent.
>
> About the only area that I fundamentally disagree with is sort of the
> combination "it's my fault / M1 - AT&T is doing OK". Yes, I accept my
> share
> of the responsibility but I really, REALLY think that M1/AT&T, who have
> the
> resources, should be doing something to try to actually go after the
> crackers. OK, I'm not just "an innocent victim" and I'm responsible for
> putting my high performance sports car on the net but M1/AT&T owns the
> highway
> and they certainly have capabilities and facilities that far outstrip
> what I
> have on my Linux Firewall.
>
> That said, my brother is a reporter and I can either get published or he
> can
> get published. M1/AT&T is a monopoly and I think simply discontinuing
> someones service "forever" and ignoring the "cracker" is not an
> appropriate
> behavior. So please, any suggestions for writing to cover M1's
> responsibility in all this? They're the only game in town and they're a
> major
> player on the Internet. Are they really taking the most appropriate
> actions
> and doing all they can to make the Internet safe for everyone?
>
> Clearly I'm biased and I'm mad right now. But it really bothers me that
> M1
> can have so little corporate responsibility for solving these problems.
> Yes,
> they can just kick anyone off that get's caught port scanning but we all
> know
> that this is not a permanent solution. The cracker will just crack
> another
> box and nothing will have been done to correct the core problem.
>
> Finally, I'm very concerned about the perception here that Linux is bad
> for
> the Internet. True Windows is a brick and Linux a Porsche but people
> buying
> stuff at Best Buy don't care about that. They just want to browse the
> web.
> Remember the saying "guns don't kill people, people do" (FLAMES OFF,
> this was
> not a political statement, merely an analogy). If a Linux box is more
> capable
> of doing damage on the web then this is a PR or a perception issue that
> must
> be addressed and yes, in my current job capacity that's exactly the
> types of
> things I worry about. The perception here is that Linux is a loose
> cannon on
> the Internet, if not properly bolted down and yet the average user has
> no idea
> how to bolt it down, therefore Linux is inappropriate for the aveage
> user.
>
> I don't know. Please feel free to comment away. I'll post what I write
> before I send it to my brother.
>
> Thanks for all your help.
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
