[lug] CLUE: Possible Lawsuit against those with unsecured online systems? (fwd)

Nate Duehr nate at natetech.com
Fri Feb 25 22:13:29 MST 2000


There are already documented cases of issues like this being settled
out-of-court.  Usually the ill-will gained towards the company or
organization starting the lawsuit isn't worth it for "eCommerce"
companies, but traditional companies with brick-and-mortar offices are
more than willing to either :

1) Work with the system admins who were allowing the remote attack.
2) Sue them if they won't respond and fix the issue.

Yep, if you ignore network security on your systems, you may find
yourself liable for damages someone else accomplishes through the use
(stealing) of your machines and resources (bandwidth).

It's been interesting that none of the cases I've seen so far have been
very high profile, but I'm sure they're coming...

On Fri, Feb 25, 2000 at 02:13:08PM -0700, Wayde Allen wrote:
> 
> The following message was recently posted to the CLUE mailing list.  Kind
> of makes one wonder if it is a good idea to be involved with system
> administration.
> 
> 
> - Wayde
>   (wallen at boulder.nist.gov)
> 
> ---------- Forwarded message ----------
> Date: Fri, 25 Feb 2000 11:30:24 PST
> From: Jim Intriglia <jimintriglia at hotmail.com>
> To: clue-talk at clue.denver.co.us
> Reply-To: clue-talk at clue.denver.co.us
> Subject: CLUE: Possible Lawsuit against those with unsecured online systems?
> 
> Thought this was appropriate to post with the current CLUE focus on online 
> security and Linux. For anyone that may not be presently be too concerned 
> with securing their online Linux boxes.
> 
> What follows below crossed my mind when the recent web attacks occurred. Now 
> the idea is in print and the legal-beagles will surly pickup the scent:
> 
> "..there is a move afoot to prosecute the owners of the zombie machines. The 
> idea is that because the owners haven't adequately managed their systems, 
> they have put other people's computers at risk. "
> 
> Complete article at:
> http://www.nwfusion.com/columnists/2000/0221gibbs.html
> 
> Something to consider if you are not taking (due diligent) steps in 
> reasonably securing your online linux box (??).
> 
> Anybody venture a guess as to when the first lawsuit will be filed against 
> the owner(s) of the systems responsible for the web attacks on Amazon, 
> etc..?
> 
> Jim Intriglia
> 
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20000225/2a35e192/attachment.pgp>


More information about the LUG mailing list