| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Sep 2008 00:15:19 -0500 From: rholgstad <rholgstad@...il.com> To: James Matthews <nytrokiss@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [inbox] Re: Supporters urge halt to hacker's, extradition to US thanks for this amazing insight. you must be a 5 time cissp James Matthews wrote: > When you break into a system using an exploit there is a chance that > the shellcode will crash the system. > > On Sun, Sep 28, 2008 at 11:03 AM, Exibar <exibar@...lair.com > <mailto:exibar@...lair.com>> wrote: > > McKinnon did cause damage: > > "The charges include one incident - shortly after the attacks on > September > 11 2001 - which brought down a network of 300 computers at the > Earle naval > weapons station. Another raid apparently left 2,000 government > machines in > Washington inoperable." > http://www.guardian.co.uk/technology/2006/apr/28/hacking.security > > A message left by him on a system: > > "As part of his quest he left this message on an Army computer in > 2002: > "U.S. foreign policy is akin to government-sponsored terrorism these > days.... It was not a mistake that there was a huge security stand > down on > September 11 last year ... I am SOLO. I will continue to disrupt > at the > highest levels." > http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html (and > many > other sources with the same message) > > Sure sounds like a criminal that knows what he's doing, and is > doing it > willfully, doesn't it? > > Oh yah, and he's really only facing a fine and up to 10 years of > prison > time in the US... I guess things really are different translating > to the > metric system in the UK... > http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm > > Wondering what the maximum term in the UK is for the same crime? > Hold on > to your seat... > LIFE IN PRISON (see next paragraph) > > "As the Divisional Court itself pointed out (at para 34), the > gravity of the > offences alleged against the appellant should not be understated: the > equivalent domestic offences include an offence under section 12 > of the > Aviation and Maritime Security Act 1990 for which the maximum > sentence is > life imprisonment." > http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1 > .htm > <http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm> > That link is a link to the very court brief itself on McKinnin's > appeal > in the UK... > > McKinnon should face the charges of computer crime that he's > facing. He > should, and will, be tried, either in the US or in the UK. But, > keep in > mind that it is the UK that will extradite him, and it is the UK > that has > ruled that he *should* be extradited for his crimes.... > > > Ok, I'm done now :-) > > Exibar > > > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > <mailto:full-disclosure-bounces@...ts.grok.org.uk> > [mailto:full-disclosure-bounces@...ts.grok.org.uk > <mailto:full-disclosure-bounces@...ts.grok.org.uk>] On Behalf Of > Kyrian > Sent: Sunday, September 28, 2008 7:31 AM > To: full-disclosure@...ts.grok.org.uk > <mailto:full-disclosure@...ts.grok.org.uk> > Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to > hacker's,extradition to US > > full-disclosure-request@...ts.grok.org.uk > <mailto:full-disclosure-request@...ts.grok.org.uk> wrote: > >> "American officials involved in this case have stated that they > want > >> to see him 'fry'."-- BBC. > >> > [IANAL, correct me if I'm wrong, etc, but...] > > Yes, that's a large part of the problem. > > That courts *can* be bought (usually indirectly via already-bought > officials, or more nasty methods), and that government officials have > said the above makes it worse still. > > The thought that US law was apparently changed from requiring > damage to > systems to get a conviction to not requiring such damage, very > recently, > is another problem. > > The fact that neither the US or the UK (as far as I'm aware) actually > has a sane enough legal framework for this sort of thing, or enough > police (anyonewho's dealt with the UK's former "High Tech Crime Unit" > will know this), judges (there are many examples of judges being > "out of > touch" in their rulings), etc. who are actually aware enough of the > underlying technology to deal with it sensibly is another. > > I agree with whoever said that people should be extradited to the > country in which they caused damage, but not under circumstances like > these, and not when there is no agreed standard of law between the > country the person would be extradited from, and the one they > would go to. > > In the UK it still requires damage to be done for it to be a criminal > offense, and that does not seem set to change. > > That it is possible to cause damage to (badly managed) systems by > doing > absolutely nothing in a lot of circumstances (as I am finding right > now), that logs can be faked, and that the dividing line between > probes > versus actual hacking attempts is at times a very narrow one, there is > plenty of reason not to agree extradite Gary. > > That he's "autistic" is probably neither here nor there, I'm > afraid, as > it seems to be very common for people involved in computing the be > somewhere high on the autistic spectrum (even if they are not > 'officially' autistic). I have taken the test. I'm not telling, but I > know what I'm talking about. > > So, I shall be there, I won't be shouting or chanting, but I will be > there. I hope that the event is not hijacked by another purpose, and > that I do not get shot by the armed police at the US Embassy there (it > is a scarey looking place, which puts me on edge whenever I'm near). > Strangely I also find myself wondering if the staff there are > paying the > London congestion charge yet, rather than ignoring it...? > > Just my 2c, or so. > > K. > > -- > Kev Green, aka Kyrian. E: kyrian@ore.org <http://ore.org> WWW: > http://kyrian.ore.org/ > Linux/Security <http://kyrian.ore.org/Linux/Security> > Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/ > DJ via http://www.hellnoise.co.uk/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > -- > http://www.goldwatches.com/ > > http://www.jewelerslounge.com/ > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists