On Tue, Oct 02, 2001 at 12:40:23PM -0400, Rich C wrote: > > Secondly because in the vast majority of cases, even when > > the attacks succeed, the real damage is almost nonexistant. > > Oh really? Tell that to the guy across the hall from me who has had to > rebuild all of his Win2k/IIS servers because Nimda damaged them beyond > repair. I myself did a virus cleanup job over there, charging as much as a > new computer would have cost (and my rates are REALLY CHEAP!) That's one new > computer they won't be able to afford this year.
Rich, as counterevidence of my statement, you point to one of the examples of exceptions that I specifically stated existed. Nimda is one of the few exceptions, and as I said it probably could qualify as terrorism owing to the scale of the attack and the damage it caused. The only problem is that most acts of terrorism have a specific target, and it's difficult to say who the target of Nimda was. I suppose you could say it was Microsoft... My systems are "attacked" at least a dozen times a day (and usually much more than that), using DoJ's definitions, and the vast majority of these attacks are pretty harmless. Virtually all of them are rendered harmless by the basic dilligence that is the responsibility of all sysadmins who manage a publicly accessible computer. No, that does not excuse the attackers, but it's just the same as putting proper working locks on the doors of your home. Few people will be sympathetic to your cause if all your stuff gets stolen and you had no locks. And with those very few exceptions, they're still not tantamount to terrorism, and hardly worthy of life in prison. I am still unfailingly bewildered by the overwhelming lack of effort to make Microsoft take responsibility for these problems. Ultimately, it's their utterly crappy software and their unwillingness to re-examine their (lack of a) security model that allowed these attacks to be successful. -- --------------------------------------------------- Derek Martin | Unix/Linux geek [EMAIL PROTECTED] | GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu ********************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the following text in the *body* (*not* the subject line) of the letter: unsubscribe gnhlug **********************************************************
