On Sat, 05 May 2012 19:33:52 -0000, washington_u_getmama@xxxxxxxxxxxx said:

> dearest FD the university of washington server has been feeding

*the* server, or *a* server? precision in writing is often useful - I have literally several thousand servers across the hall here.

> if they can not keep the servers safe from the public then what are
> they getting paid to do?

So in a bored moment, I took a look at the list, and noticed the following:

1) There's only a very limited number of upper-level pathnames:

    /nfs/aesop02/hw22/d23/sauf/hubproject/ (493 files)
    /nfs/aesop01/hw11/d04/geog/wordpress/ (605 files)
    /nfs/aesop01/hw11/d08/rjsanyal/ (326 files)
    /nfs/aesop01/hw11/d29/drobnygp/wordpress/ (658 files)
    /nfs/aesop01/hw12/d56/dwsamplr/ (2 files)
    /nfs/giovanni11/dw21/d98/uwfarm (1 file)
    /nfs/aesop03/hw31/d24/cerid/ (1 file)
    /nfs/giovanni13/dw23/d68/uwkc/phpBB3/cache/ (129 files)
    /nfs/giovanni13/dw23/d95/rgeorgi/ (2 files)
    /nfs/giovanni13/dw23/d15/ckwalsh/post_versions/ (50 files)
    /nfs/giovanni13/dw23/d72/ukc/wordpress/ (308 files)
    /nfs/aesop01/hw11/d04/geog/wordpress/ (1 file)

2) The pathnames certainly look like they have components that are probably userids or department names - and there's only 12 of them.

3) UW is like 30K students. If out of 30K students, only 12 have gotten hit with this thing, that's an incredibly *good* track record.

So this raises the question - what *exactly* does the UW AUP say? This becomes important, because we need to know that to resolve several questions:

1) If a user uploads infected files, or creates a publicly writable directory that then gets used to upload the files, is it the user's responsibility or UW's to clean up the user's mess?

2) Does UW even have the *right* to take down a user file without lots of due process just because it's infected with something?

At least in the US, an ISP has a "safe harbor" exemption under 17 USC 512 that the ISP has no liability for copyright-infringing material uploaded by a user as long as they respond to takedown notices. And that's for files whose very existence is *illegal*. I don't think anybody on this list (with the possible exception of n3td3v if he's still lurking) wants the ISP to have the right (or worse, the responsibility) to auto-nuke files that are merely "likely dangerous" - simply because "likely dangerous" is a very slippery slope indeed.

And since UW is a university, the whole "academic freedom" thing means it's usually even tougher to take a user's stuff down without lots of due process.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/