[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Cobalt to provide compensation for server hack?

Subject: RE: [cobalt-users] Cobalt to provide compensation for server hack?
From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
Date: Mon Feb 19 19:26:43 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> However, my primary point was that the responsibility for keeping the
> server running and ensuring its security is, in the end, that of its
> owner/administrator.

Making a product that states you don't need to know anything but how to
operate a web browser to use makes the responsibility Cobalt's to be sure it
can be run securely without using Telnet/SSH.

>
> Even though the target market is (partly) people clearly without the
> knowledge to properly operate a server--which again supports the point
> that Cobalt should improve security--those people should realize that
> eventually practically everyone gets hacked and try to make sure it
> doesn't happen to them.

Who are "those people"? The people Cobalt (mainly) targets this product to?
Virtually 100% of the marketing and instructions make it very clear that you
don't need to know anything but how to use the GUI to run this server.

> Valid exception: if someone wants to sue Cobalt for the Qube2's GUI
> firewall administration being hopelessly broken (which can be proven to
> be true), and can demonstrate that they (a) made reasonable efforts to
> fix it and couldn't (which is logical given the target market); and (b)
> can demonstrate damages suffered due to poor security, *that's* a valid
> lawsuit.

So the lack of security administration on the RaQ via the GUI wouldn't be a
reason for Cobalt taking any responsibility for poor security?

> It's certainly true that the hackers/crackers/spammers who cause damage
> one way or another should be primarily responsible and liable. It's also
> true, on a secondary level and in a non-criminal way, that those who
> issue software and sell products should be more responsible about
> issuing patches and fixes. All I said was that still, the primary single
> responsibility for keeping the server running is squarely in the hands
> of he/she who runs one.

The responsibility of making as certain as possible that the product is as
secure as possible before it's sold falls squarely in the hands of Cobalt.

>  Whether the lawsuit they
> get hit with eventually is or is not "valid," however, I cannot say.
>
I thought, based on
http://list.cobalt.com/pipermail/cobalt-users/2001-February/034053.html that
you already decided that any such lawsuit was baseless.
"You, on the other hand, as the server owner and administrator are fully
responsible for the use/operation/security/safety/functionality of your
server software and services; which responsibilities you have *not*
adequately fulfilled as clearly evidenced by the fact that you were
hacked."
I guess with you on the jury, Cobalt would have no worries.
--
Dan Kriwitsky

Follow-Ups:
- RE: [cobalt-users] Cobalt to provide compensation for server hack?
  - From: Rodolfo Paiz

References:
- RE: [cobalt-users] Cobalt to provide compensation for server hack?
  - From: Rodolfo Paiz

Prev by Date: RE: [cobalt-users] Cobalt to provide compensation for server hack?
Next by Date: RE: [cobalt-users] Cross Platform file names
Previous by thread: RE: [cobalt-users] Cobalt to provide compensation for server hack?
Next by thread: RE: [cobalt-users] Cobalt to provide compensation for server hack?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index