You know.. The legality issues here are amazing, just think to yourself if say a machine at your company was compromized, and your ISP told all the rest of its customers and the world of the event (and possibly why it happened). Just how would you react? On Wed, Nov 18, 1998 at 03:26:18PM -0500, Chris Mauritz wrote:
I think it's important, as a service provider, to promptly inform your customers and affected networks of issues like this. And this isn't just an Exodus issue. There are a number of providers that simply ignore requests for information or are very slow about propagating exploit details quickly enough to matter. While they're not a provider, you can send a detailed exploit to CERT and then wait months before they get around to letting other folks know about the problem. And that's from an entity that supposedly exists to propagate useful information to prevent exploits....In the meantime, affected systems fall like flies. It's fortunate that venues like NANOG and BUQTRAQ are around to disseminate this type of information in a timeframe more useful to us all.
And back to the subject matter....I have no doubt that Exodus was working on the problem. It just would have been nice to be informed by *anyone* official there in a timely manner of the problem. That's both from a customer's standpoint, and the Internet at large.
I'm glad to see that everyone is agreeing here, that there was no doubt Exodus was working hard to end the issue. Why don't we just go onto another thread :) -- ------------------------------------------------------------------------------- : Steven Noble / Network Janitor / Be free my soul and leave this world alone : : My views = My views != The views of any of my past or present employers : -------------------------------------------------------------------------------