[plug] Fw: I am so sorry!Your hosts was hacked!

Christian christian at amnet.net.au
Mon Apr 9 11:54:50 WST 2001


On Mon, Apr 09, 2001 at 10:22:45AM +0800, Simon Scott wrote:
> 	Given enough time, any machine on the net could be compromised.

In theory, but if you make the machine as secure as you can then,
assuming you're competent, the machine will very likely remain safe when
a) it has nothing of particular value, b) there are other easier
targets.

> 	Just how many machines do these people need? How likely is it that
> if your box is compromised that it would be used for anything at all?

When you're after zombies for DDoS attacks?  As many as you can lay your
hands on.

> 	I retain my stance of 10 years ago - if it's important, it shouldn't
> be on the net. There is no guarantee of security, and if nothing sensitive
> is on the net then it doesn't matter if my box is compromised or not. Why do
> NASA have anything on the net that may be sensitive? You are NEVER going to
> be 100% secure. Someone will ALWAYS be able to compromise your box. So why
> play the game?

This is a really stupid attitude.  Are you trying to tell all the
business people on this list (and throughout the rest of the world in
general) that their businesses either a) aren't important or b)
shouldn't be on the Internet?  Businesses today *need* to be connected
to the Internet.  They *need* to have machines holding sensitive,
business-critical data online.  They *need* some security.  And they
don't need irresponsible people who can't be bothered looking after
their machines.

> 	So why should I care about my little p100 sitting on an adsl link?

Matt has already explained why you should but you chose to put your head
in the sand.  You demonstrate the classic antisocial irresponsible
attitude that plagues our society.  Why should I bother securing my
machines?  There's no important data on them anyway. Why shouldn't I keep
my guns in unlocked cabinets?  I'm not going to shoot myself by
accident.  Why shouldn't I drink and drive...?

Quite honestly, I wouldn't feel any pity for a second if your machine
was broken into and then used in something serious.  A zombie flooding
Amazon.com and costing them hundreds of thousands of US$'s in revenue,
for example.  I wonder what legal implications your public
acknowledgement that you don't feel any responsibility to society to
secure your machines would have when they sue you for negligence.


-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C


