lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 28 Sep 2008 20:30:50 -0700
From: "James Matthews" <nytrokiss@...il.com>
To: Exibar <exibar@...lair.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [inbox] Re: Supporters urge halt to hacker's,
	extradition to US

When you break into a system using an exploit there is a chance that the
shellcode will crash the system.

On Sun, Sep 28, 2008 at 11:03 AM, Exibar <exibar@...lair.com> wrote:

>  McKinnon did cause damage:
>
> "The charges include one incident - shortly after the attacks on September
> 11 2001 - which brought down a network of 300 computers at the Earle naval
> weapons station. Another raid apparently left 2,000 government machines in
> Washington inoperable."
> http://www.guardian.co.uk/technology/2006/apr/28/hacking.security
>
>  A message left by him on a system:
>
> "As part of his quest he left this message on an Army computer in 2002:
> "U.S. foreign policy is akin to government-sponsored terrorism these
> days.... It was not a mistake that there was a huge security stand down on
> September 11 last year ... I am SOLO. I will continue to disrupt at the
> highest levels."
> http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html  (and many
> other sources with the same message)
>
>  Sure sounds like a criminal that knows what he's doing, and is doing it
> willfully, doesn't it?
>
>  Oh yah, and he's really only facing a fine and up to 10 years of prison
> time in the US...  I guess things really are different translating to the
> metric system in the UK...
>  http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm
>
>  Wondering what the maximum term in the UK is for the same crime?  Hold on
> to your seat...
> LIFE IN PRISON (see next paragraph)
>
> "As the Divisional Court itself pointed out (at para 34), the gravity of
> the
> offences alleged against the appellant should not be understated: the
> equivalent domestic offences include an offence under section 12 of the
> Aviation and Maritime Security Act 1990 for which the maximum sentence is
> life imprisonment."
>
> http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1
> .htm<http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm>
>   That link is a link to the very court brief itself on McKinnin's appeal
> in the UK...
>
>   McKinnon should face the charges of computer crime that he's facing.  He
> should, and will, be tried, either in the US or in the UK.  But, keep in
> mind that it is the UK that will extradite him, and it is the UK that has
> ruled that he *should* be extradited for his crimes....
>
>
> Ok, I'm done now :-)
>
>  Exibar
>
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Kyrian
> Sent: Sunday, September 28, 2008 7:31 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to
> hacker's,extradition to US
>
> full-disclosure-request@...ts.grok.org.uk wrote:
> >> "American officials involved in this case have stated that they want
> >> to see him 'fry'."-- BBC.
> >>
> [IANAL, correct me if I'm wrong, etc, but...]
>
> Yes, that's a large part of the problem.
>
> That courts *can* be bought (usually indirectly via already-bought
> officials, or more nasty methods), and that government officials have
> said the above makes it worse still.
>
> The thought that US law was apparently changed from requiring damage to
> systems to get a conviction to not requiring such damage, very recently,
> is another problem.
>
> The fact that neither the US or the UK (as far as I'm aware) actually
> has a sane enough legal framework for this sort of thing, or enough
> police (anyonewho's dealt with the UK's former "High Tech Crime Unit"
> will know this), judges (there are many examples of judges being "out of
> touch" in their rulings), etc. who are actually aware enough of the
> underlying technology to deal with it sensibly is another.
>
> I agree with whoever said that people should be extradited to the
> country in which they caused damage, but not under circumstances like
> these, and not when there is no agreed standard of law between the
> country the person would be extradited from, and the one they would go to.
>
> In the UK it still requires damage to be done for it to be a criminal
> offense, and that does not seem set to change.
>
> That it is possible to cause damage to (badly managed) systems by doing
> absolutely nothing in a lot of circumstances (as I am finding right
> now), that logs can be faked, and that the dividing line between probes
> versus actual hacking attempts is at times a very narrow one, there is
> plenty of reason not to agree extradite Gary.
>
> That he's "autistic" is probably neither here nor there, I'm afraid, as
> it seems to be very common for people involved in computing the be
> somewhere high on the autistic spectrum (even if they are not
> 'officially' autistic). I have taken the test. I'm not telling, but I
> know what I'm talking about.
>
> So, I shall be there, I won't be shouting or chanting, but I will be
> there. I hope that the event is not hijacked by another purpose, and
> that I do not get shot by the armed police at the US Embassy there (it
> is a scarey looking place, which puts me on edge whenever I'm near).
> Strangely I also find myself wondering if the staff there are paying the
> London congestion charge yet, rather than ignoring it...?
>
> Just my 2c, or so.
>
> K.
>
> --
> Kev Green, aka Kyrian. E: kyrian&#64;ore.org WWW: http://kyrian.ore.org/
> Linux/Security <http://kyrian.ore.org/Linux/Security> Contractor/LAMP
> Coder/ISP, via http://www.orenet.co.uk/
>                 DJ via http://www.hellnoise.co.uk/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ