lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 2 06:38:39 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: scanning On Fri, 02 Jun 2006 00:34:35 EDT, Simon Smith said: > who ran nessus against you but never penetrated your systems. From > expereince, the FBI only takes interest in crimes that cause roughly > $50,000.00 in damage or more. If you are below that mark or if they are > too busy... you won't get jack unless you pay for it. Note however that there is case-law precedent in the US where the costs of investigation and clean-up can be counted toward the $5,000 requirement in 18 USC 1030(a)5(B)(i). The big gotchas there are the phrases "would have caused" and "aggregated". http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html What's this mean? It means that if you scan some lame-ass system and it crashes as a result, you might be in deep shit. And "it shouldn't have crashed from a portscan" does *not* hold up in court. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060602/08b296df/attachment.bin
Powered by blists - more mailing lists