[NTLUG:Discuss] crackers

cbbrowne@godel.brownes.org cbbrowne at godel.brownes.org
Fri Aug 27 22:07:28 CDT 1999 

On Fri, 27 Aug 1999 14:27:26 CDT, the world broke into rejoicing as
Steve Baker <sjbaker1 at airmail.net>  said:
> Greg E wrote:
> > 
> >   4.  putting NTLUG behind it insures that not just anybody is being asked
> >       to attack your system, the requester is guaranteed that no hard will
> >       be done if the system is compromised
> 
> You'd have to be real careful what you promised.  Since NTLUG is now an
> actual organization, it can (presumably) be sued.  If someone paid NTLUG
> to check out their security - and subsequently were sucessfully cracked
> -
> we could be in the legal doo-doo.  Someone would have to write a nice
> airtight agreement with all the usual legal disclaimers.  Worse still
> would be if we had an errant member who decided to do a little cracking
> and subsequently claimed to be operating the service.

This is one problem with the idea.

Another problem is that "running a security consulting service" could
be quite readily argued to not fit all that well with the charter of
NTLUG Inc.

There are doubtless ways of making it work; the question is whether that
is actually worthwhile, both for the "Security Consultancy" as well as
for NTLUG.

- Does the NTLUG Inc. moniker confer a cachet of trust upon such a venture?
- Is it worth taking on the responsibility of trust?  What if we did get
  sued due to it breaking down?  Can we pursue the errant member that did
  the work on our behalf and thereby besmirched the good name of NTLUG?

Those latter two questions are ones I'd really rather never have to ask,
because the answers are really ugly any which way you look at it.

After all, if NTLUG gets sued, and doesn't have much money, it might prove
necessary to sue the members.  And short of things that would evoke Godwin's
Law, that's about the most terrible thing I could ever imagine happening.

> > MadHat wrote:
> > >
> > > You shouldn't have to pay.
> 
> I agree.
> 
> We all offer advice and help for free on this and other lists.  Advice
> and even testing on anti-cracker measures are just an extension of that.
> Once we start charging for one kind of help, where do we stop? Pay us
> $10 to set up Samba?  Pay us to $20 install Linux on your machine at
> LIP?
> 
> I don't think NTLUG needs money that badly.

We don't need money for the sake of having money.  The only good reason to
have money in the NTLUG context is to use it to further the understanding
and proliferation of Linux and other free software.  (There's a similar
wording in the Corporate Charter.)

I would have no problem with the idea of grateful users contributing funds
in thankfulness for the efforts of LIP.  If they feel overflowing in
generosity, far be it from us to tell them they can't contribute something
back :-).  

Actually, I'm not joking at all.  

Willingness to accept contributions == good.

Going on to *demand* contributions is quite another story...
--
Bushydo, the way of the shrub -- BONSAI!
cbbrowne at ntlug.org- <http://www.hex.net/~cbbrowne/lsf.html>

More information about the Discuss mailing list