On Tue, 2003-07-08 at 09:17, Keith Davidson wrote:
Blaming the ISP, or expecting ISP's to carry the burden is not helpful.
I agree with Keith's assessment and this reminds me of a quote that was repeated at the FIRST meeting in Ottawa last week. Unfortunately I can't remember the names of the people involved but the story goes like this: A few years back Sun had just announced a whole bunch of vulnerability fixes and some senior SUN technical persons was at a conference and was publicly challenged "When is SUN going to stop releasing buggy code", the bod from SUN shot straight back "Just as soon as you stop buying it". That said I do think that IPS should deal with infected machine when they are pointed out to them. -- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand.