North American Network Operators Group


RE: Even you can be hacked

  • From: David Schwartz
  • Date: Fri Jun 11 13:39:47 2004

> At 7:07 PM -0700 2004-06-10, David Schwartz wrote:

> > 	Most of the people on this list see things from the ISP's perspective.
> > However, step back a bit and see it from the user's perspective. Do you
> > expect to pay for phone calls you didn't make or do you expect the person
> > whose deliberate conscious action caused those calls to be made? Do you
> > expect to be responsible for patrolling your electric lines to make sure
> > someone hasn't plugged into your outside outlets?

> 	If you had a PBX in your home that was misconfigured and allowed
> people to dial-in and then dial back out and get free long distance,
> and your telephone company warned you about this weakness, forgave
> your first month overages due to your being hacked, and yet you still
> refused to fix the system, then you're toast.
>
> 	Under those circumstances, if someone makes $10M worth of long
> distance calls via your PBX, then you're going to have to pay up.

	Of course, except in this case, the phone company can't easily tell the
legitimate calls from the illegitimate ones and block only the illegitimate
ones. Every analogy will break down, so don't expect to be able to convince
people with analogies that seem so obviously right to you. Nothing is
exactly accurate except the actual situation itself.

	And, again, almost every contract has some insurance elements to it. There
will be unusual cases where it's actually possible for the utility to lose
money if something unusual happens. My main point is that the understanding
that seems so obviously right to you may not seem so obviously right to your
customers.

	As for all the people who talk about turning off their DSL access when
they're away from home, they're missing the point. Obviously a person could
do that. We could shut off our electricity when we leave home. We could have
our telephone service temporarily disabled when we go on vacation too. A
person could do all of these things. My point is that it's also perfectly
reasonable for a person not to do these things. Because in general an ISP
has more ability to control these things and it makes very little sense for
a home user to insure an ISP, it makes more sense for the ISP to insure the
user.

	In any unfortunate situation, you can find a hundred things that anyone
could have done differently that would have avoided the situation. But that
is not how you establish responsibility, financial or moral. You look at
people who failed to use reasonable prudence.

	And, of course, the ISP always (or very nearly always) insures the user
against the costs of inbound attack traffic that exceeds his line rate. The
more demands you make of your customers, the more you decrease the value of
your very own product.

	Frankly, if I ruled the world, obtaining Internet access would require a
serious cluefulness test and you'd take a lot more responsibility for
generated traffic. I know a lot of people on this list wish things were the
same way and sometimes want it so much that they're able to convince
themselves that this is the way things actually are in the real world today.
But they're not, and you may find that outside your group of friends, your
views are found to be very odd by the majority of 'normal' (but, admittedly,
inferior) people.

	The arguments that seem so obviously right to you may be greeted by
amusement and the analogies you think work will be found unconvincing. This
is because this argument is largely about other people's expectations.

	DS