|
 |
"Warp" <war### [at] tag povrayorg> wrote in message
news:48cc0297@news.povray.org...
> somebody <x### [at] ycom> wrote:
> > > A security hole report does not cause waking up the sysadmin in the
> > > middle of the night and paying overtime wages or taking the system
> > offline.
> > Really? If I send you an e-mail listing all your financial and
confidential
> > information, won't you
> No, because I don't read my email in the middle of the night, while
> sleeping.
You should. If you did, you'd only waste the rest of your night. If you read
your e-mail in the morning and get my e-mail, you'll waste the rest of the
day.
> > > It causes the sysadmin to send a report to the software house with
which
> > > they have a software license so that they will fix the security hole.
At
> > > regular working hours.
> > Not all systems are such turnkey operations, and the vendor won't
himself
> > have a fix for every type of security breach even if they were.
> And thus it's better for the sysadmins *not* knowing about the security
> hole?
It's best for the sysadmins to have fixed the hole before anybody hacked the
system. Next best is for them knowing about the hole and nobody having
hacked the system. Next best is for them to not know about the hole and
nobody having hacked the system... etc.
You are using the psychic defense: If I didn't hack the system, someone more
malicious than I would, so I'm doing the sysadmins a favour. Sorry, that's a
ridiculous argument .
Yes, crimes sometimes can have positive after effects. Had someone had shot
the engineer of the passenger train that crashed in California that morning,
everything would have turned out better, no? But can we base our legal
systems on possibilities?
Post a reply to this message
|
|
