mmm that last suggestion would fire warning bells to me .....not exactly a professional response , are they actually interested in any issues that may occur ? If they are taking this approach to a inquiry how are they going to approach and "issue" ?
Cheers Dale. ----- Original Message ----- From: "Carl Cerecke" <[EMAIL PROTECTED]> To: "clug" <[EMAIL PROTECTED]> Sent: Friday, September 19, 2003 9:58 AM Subject: Re: [OT] liability in ISP terms of service > [EMAIL PROTECTED] wrote: > > On Fri, 2003-09-19 at 09:08, Carl Cerecke wrote: > > > >>Hi, > >> > >>My ISP has updated its terms of service. Included is the following > >>paragraph: > >> > >>The Customer may be liable for all charges and expenses incurred by > >><ISP> resulting from any security breach or attack or customer error > >>that involves Customer hardware, software, or network configuration, > >>including IP addresses. > >> > >>Isn't this casting their net a bit wide? Or am I just paranoid. > > > > > > And what happens is someone simply does a DOS/DDOS and spoofs your IP? > > Funny enough, that's what I said when I replied to the message. The guy > didn't grok what I meant though. Here's my reply to his reply to my > reply mentioning spoofs (If you can follow that). > > [ISP] > > There is still the opportunity for you to state your case should you > > experience such an issue. > > [ME] > This is not mentioned in the <ISP> terms (unless I missed it), and > relies on the goodwill of <ISP>. It should be explicitly stated as a > right, not mentioned in passing as an opportunity. > > [ISP] > > However, this condition will save us from > > bearing the burden of Network outages due to DOS attacks, which many > > have occurred, due to Viruses like the Blaster worm and certain trojans > > like the one you have mentioned. We consider system security to > > ultimately be in the hands of the end user, and that any breech of their > > systems should make them accountable, and we do not accept the liability > > for costs incurred as a result of such conditions. > > [ME] > The problem is, that there are ways to "breech my system" that are > the fault of <ISP>, not me. Two examples: 1. uploading web pages to > the user's webserver uses standard ftp that transmits passwords in the > clear. secure-ftp is not available (last time I checked). 2. email is > accessed via pop3, which also transmits passwords in the clear. pop3 > over SSL or IMAP is not available. > I usually access my mail from work - 11 hops away from <ISP> over the > internet. My system security is not in my hands alone, it is also partly > the responsibility of <ISP>. I should not be held liable for damage done > to <ISP> due to a security weakness at <ISP> (like the two listed above) > even if it involves my system or setup in some way. Yet the wording of > the <ISP> terms *does* hold me liable. > > [ISP] > > This should encourage users to extend a more thorough awareness to such > > issues, therefore protecting our other customers. > > [ME] > My experience is that it probably won't. > > [ISP] > > If we do not meet your expectations then we can only suggest another > > ISP. > > This last sentence suprised me. Perhaps I am too much hassle as a > customer :-) > > Cheers, > Carl. > >
