lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 02 Feb 2004 23:02:33 -0500
From: rsh@...rect.com
To: Mariusz Woloszyn <emsi@...rtners.pl>
Cc: BUGTRAQ@...urityfocus.com
Subject: Re: [security] Re: Major hack attack on the U.S. Senate


On Thu, 29 Jan 2004 17:09:27 +0100 (CET), you wrote:

>On Fri, 23 Jan 2004 Daniel.Capo@....net.br wrote:
>
>> > Which means the Democrats screwed up setting up their own share point and
>> > allowed public access to it.  There was no "computer glitch" which was
>> > "exploited".  This was completely a human screw-up.  And there was no
>> > hacking ("exploitation of a computer glitch") done by the Republicans.
>> > Unless you wish to call clicking on a share point configured with public
>> > access and opening it up "hacking".
>>
>> AFAIK, "hacking" is legally defined in the USA as being unauthorized
>> access to computer resources. It doesn't matter if the resource was
>> adequately protected (or protected at all) in first place or not. If you
>> were not given permission to make use of that resource, you are
>> criminally liable.
>>
>Do you have an explicit permission to read the content of a www.cnn.com?
>What is the difference between opening a web URL and a network share?

In a word, Intent.  If a CNN intends you to read the news on their web
site and gets advertising revenue when you do, you are not hacking when
you go there.  If the Senate does NOT intend you to read their files and
leaves open a network share in error or through ignorance, you are
hacking when you go there.  As silly as it seems, that is the way the
laws were designed to work.

We have a similar silly law in Canada re digital scanners. Before they
existed the government was afraid someone could listen in on their
digital cell phones so they set up a regulation that you need a license
to buy a digital scanner.  This was in 1994, before these scanners even
existed. Now they exist and the cell phones use encryption that the
scanners cannot decrypt, but the 'regulation' is enforced because it is
on the books.  Does it mean anything? No, we simply buy the scanners in
the US!  It is not illegal to own a digital scanner without a license,
after all... just to BUY it without one.  Incidently, they have not yet
set up any routine to issue a license, and I doubt they ever will!

rsh
=====================================================
R.S.H.                            Toronto, ON, Canada

                 Copyright retained.
             My opinions - no one elses...
 If this is illegal where you are, do not read it!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ