RE: [cobalt-users] Cobalt to provide compensation for server hack?
- Subject: RE: [cobalt-users] Cobalt to provide compensation for server hack?
- From: Rodolfo Paiz <rpaiz@xxxxxxxxxxxxxx>
- Date: Sat Feb 17 23:39:06 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
[post by babymash@xxxxxxxxxxxx snipped out of order]
> I would be interested to hear of any action that anyone has
> already taken, and/or your views, comments or criticism.
Well, since you ask...
Note that, for your benefit, I've let this email sit for 24 hours or so
to ensure that I wasn't reacting *too* angrily. Amazingly enough, I
stand solidly behind what I wrote last night.
> One of our RAQ3 servers was a victim of the recent hack. Has
> anyone taken up the issue of compensation for this incident
> with Cobalt? Surely they must be liable as they failed to
> provide sufficient server protection. We had all patches
> loaded and security was still compromised.
<NAPALM BOMB>
If there's one thing that REALLY pisses me off, it's the classic
shithead attitude of "Look! Quick! Someone to sue!" Ambulance-chasing,
goldbricking, irresponsible $#%@!! on this track have given citizens of
the USA (otherwise truly a wonderful country) the bad rap they have as
whining losers unable or unwilling to take responsibility for their own
lives who, instead, take advantage of the absurd tort system to milk
early retirement from someone else.
You are either: (1) truly innocent and a "babe" in the woods (as
indicated by your email address), and therefore have no excuse trying to
do grownup things like run a server (God forbid a business); or (2)
fatally afflicted with the pathetic blame-everyone-but-myself malady so
sadly common in the United States today, in which case you need to pull
your head out of your ass quickly... before the lack of oxygen in your
colon does any more damage to what's left of your brain.
Cobalt sold you a server, which runs as advertised. They never said it
was hack-proof, they said it was easy to use and required little
knowledge to operate. The fact that yours is even plugged in properly
enough to *be* hacked is proof-positive that a fool can run a RaQ. So
I'd argue that Cobalt clearly delivers on their advertising claims.
You, on the other hand, as the server owner and administrator are fully
responsible for the use/operation/security/safety/functionality of your
server software and services; which responsibilities you have *not*
adequately fulfilled as clearly evidenced by the fact that you were
hacked. So I'd argue that *you* are clearly liable unto your customers
for damages, lost revenue, and loss of service. It's also quite likely
that you are liable for negligence, since it's obvious you haven't even
thought of ensuring security yourself, calmly expecting Cobalt to
provide you with a fool-proof way to practically print your own money.
Please confirm that you have properly installed and configured AT LEAST
the latest PKG or RPM files for the following applications:
* ipchains
* portsentry
* logcheck
* amavis
* apache
* sendmail
* bind
* qpopper
Latest stable versions, of course. Also please confirm that you
subscribe to security advisory services and all announce mailing lists
related to any critical software on your RaQ, and that you engage in
active security audits on a periodic basis.
Finally, show conclusively where on God's green Earth is *anything* said
that states or implies that Cobalt warrants the continued functioning
of the *software* on your server for any reason, and/or that Cobalt
warrants--or has even implicitly offered--to provide hackproof
security for your box.
You own the server. You run it. And its security, functionality, and
uptime are all your responsibility. Breathe deeply, duck your head in
shame at having posted something like this (nameless, even) to a list
full of people who work their asses off to make a living even at 3AM
when the server pukes, and set about reforming your ways and acquiring
something that can with dignity be called a life.
Now, I've never seen a post from you before (I'd remember that email
address), and I certainly speak only for myself here... but if your
future posts have some more intelligent content to them, and show that
you're actually trying to *work* for a living, then I for one will work
hard to help you make money at this... gratis. But if you so much as
pretend to be offended by my ripping your head off, you're going to be
the fourth person ever in my kill-file.
I'm a nice guy (really...), but I do not suffer fools gladly and I'll
never tolerate someone looking to milk a jury award out of another. I've
seen too much of it (and even had it tried on me without success).
Hope to see you in the future as a positive, contributing member of this
list. Even if all you contribute are questions and comments, you're
welcome. But do not come here seeking advice and tips on how to make
that "easy score" so many dream of... you're in the wrong part of town.
</NAPALM BOMB>
To the rest of the list: I know this got kinda long-winded, but it's
3AM, I'm configuring ipchains, and I have lots of time but little
tolerance. Constructive comments and criticisms welcome; flames read
with curiosity but little interest.
<grin>
Good night, all! :)
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx