Date: Tue, 30 Sep 2008 17:03:07 -0400
From: "Eliah Kagan" <degeneracypressure@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [inbox] Re: Supporters urge halt to, hacker's,
	extradition to US

Michael Krymson wrote:
> Wow, this whole discussion with a troll has gone on far longer than it ever
> should have.

So basically what you're saying is that we should all shut up and not
talk about an actual issue, and that trolls should be trolls and stay
away from discussion of actual issues?

Oh, I'm sorry, was that a straw man characterization? Were you saying
something subtly different? A lot of that going around.

n3td3v thinks that a server with passwords not set is fundamentally
different from an unlocked door. ("Can we get over houses, and cars,
this is the internet, the systems were PUBLIC DOMAIN.") I'd like to
see him defend that position.

But just in case you can't bring yourself to *believe* that it's a
defensible position, here's some food for thought:

SYN = May I come in.
SYN ACK = Sure.
ACK = OK, I'm coming in, in accordance with your wishes.

FIN (when server to client) = Time for you to leave.
FIN ACK (when client to server) = OK, I'm leaving.

RST (when server to client) = If you're in here then GTFO!

Once the three-way handshake is complete, the client is in the
server's house, and may go into any room (this is application-layer
now) not forbidden by a security mechanism or law of the land. One
would be hard pressed to argue that an authentication system without a
password set is a security mechanism.

Going through an open door into the bedroom may be impolite, and it
may incite bad feeling in the house's owner. But one would be
hard-pressed to say it would be illegal.

Is that a totally wrong analogy? Maybe. If it is, are we sure it is
a wrong analogy, BEYOND REASONABLE DOUBT?

Again though, once you start leaving notes under the pillow in the
bedroom or opening a window to get in later, you've said GTFO to the
legal defensibility of your actions.

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/