Suing Over Slammer
Mark Rasch, 2003-02-10

The Slammer worm was successful because thousands of users didn't patch Microsoft's security holes. Should we sue them all?

Suing Over Slammer 2003-02-10
Anonymous
No lawyer would DARE to take on the army of lawyers at Micro$oft. It would be a losing proposition....

Liability and Buffer Overflows... 2003-02-10
Nicholas Weaver
One related question: Although a patch was available, buffer overflows have been a known problem for over 2 decades. It's like "We provided a fix for the bridge which you didn't deploy, but built it wrong in the first place", the engineering firm would still probably be sued into the ground for gr...

Suing Over Slammer - whom would you sue? 2003-02-10
Anonymous
After reading this, please tell me objectively whom you think should be sued (MS - who has released a patch; Me - who is aware of the patch; or this party - who is tying my hands)

http://infosource.bestsoftwareinc.com/Hypermedia/SES/SM/24611.htm

Did you see the line: " If you are running MAS 5...

Suing Over Slammer 2003-02-11
Anonymous (1 replies)
There will always be errors in code, be it operating system or application. Slammer was successful because companies and users still insist on not following basic security tenets - where is the ingress/egress filtering on border routers, why is tcp/1433 and udp/1434 allowed through a firewall (if n...

Suing Over Slammer 2003-02-11
Villy
While I am in absolute agreement with most of what you have to say,

I would suggest that your ultimate solution might be a little draconian

I don't know about you, but I have been known to make the odd mistake......

Suing Over Slammer 2003-02-11
keydet89@yahoo.com
> The Slammer worm was successful because thousands of users
> didn't patch Microsoft's security holes. Should we sue them
> all?

Why is everyone focused on the patching issue? We all know that since even Microsoft was hit by Slammer, the patching routine just doesn't work.

From the very...

Is Microsoft legally responsible 2003-02-11
Sick and tired of the excuses (5 replies)
"Sure, the SQL server shouldn't have been vulnerable -- but with hundreds of products comprising billions of lines of code, should Microsoft be required to discover and prevent every single vulnerability before releasing the product?"

The pure and simple answer is YES!

Using your automobile an...

Is Microsoft legally responsible 2003-02-11
Villy.Madsen@atcoitek.com (1 replies)
I think that laying the blame at the feet of Microsoft is short-sighted. Could their products be better - absolutely. Is it realistic to expect perfection - absolutely.

In simplistic terms, if 99% goodness costs $X, then 99.9% costs 10X, and 99.99% costs more than 100x and so forth.

So the q...

Is Microsoft legally responsible 2003-02-12
Villy
I can't type...

the correct sentence is

Could their products be better - absolutely. Is it UNrealistic to expect perfection - absolutely.

As my old Electronics Teacher used to say

Engage Brain before opening mouth,

or

read what you wrote before hitting enter!!...

Is Microsoft legally responsible 2003-02-12
RobJ (1 replies)
Would you hold only Microsoft accountable to your high standards? How about code written 10, 15, 20 years ago? Is it still liable? Have you devised a way to test code for every possible vulnerability, known and unknown? How would you design code for a yet-to-be-created attack?

Using your analogy,...

Is Microsoft legally responsible 2003-02-12
Sick and tired of the excuses (1 replies)
No I do not only hold Microsoft accountable, they unfortunately for us are what most people use. All programmers should be held accountable for their code. No you can't test for every possible vulnerability, but almost every vulnerability found to date is buffer overflow related. That is detectable and...

Is Microsoft legally responsible 2003-02-19
Anonymous
Even if I disagree with Microsoft's policies, I don't consider Microsoft responsible for this one...

Let's be honest... the patch for the vulnerability Slammer exploited was released more than 6 months ago... if the admins would have patched their systems there would have been no problem... the w...

Is Microsoft legally responsible 2003-02-14
Anonymous
I love analogies, they are so close and yet so far out.
Automobile: relatively simple mechanical construction, designed for use in certain situations.
You take a car and use it to jump lorries, via a flaming hook, and I am pretty certain that in the event of injury, the manufacturer will say: HaHa
T...

Is Microsoft legally responsible 2003-02-14
Anonymous
Hmmm, with a patch released 6 months prior? I'm thinking a firing of sys admins is in order......

Is Microsoft legally responsible 2003-02-18
Anonymous
While a "licensed" user of any MS product releases MS from liability, what about network systems owners and providers who suffer real damages every time there is a bug in a product? Shouldn't they be able to collect damages from the company that makes the product?

Continuing the car analogy - doe...

Fraudulent claims of loss 2003-02-11
Fra. 219
When a company publicly claims some massive dollar figure as a loss due to a security incident -- be it a break-in from a Kevin Mitnick, or a denial of service due to a worm such as Slapper, I always wonder: Is this company going to list this loss in its securities filings? Companies are required ...

Copyright 2009, SecurityFocus