Date: Sun, 17 Apr 2011 17:35:59 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "noloader@...il.com" <noloader@...il.com>, "Valdis.Kletnieks@...edu"
	<Valdis.Kletnieks@...edu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Florida Power & Light Company (FPL) Fort
 Sumner Wind turbine Control SCADA was HACKED

> > Oh, and many of the statutes *do not*
> > include "intent" in them.  So whether you're a black hat doing
> > something evil, or a white hat investigating so you can tell them they
> > have a problem, you're still in trouble.
> Intent has nothing to do with using public services (I'm not sure how to
> articulate it as a legal argument - sorry). If they are available and used, don't
> complain after the fact. If a company does not want them used, they should
> not advertise the service, or they should purchase a leased line.

I've tried to articulate this a couple of times but have apparently not done a good job of it. The inclusion of "intent" in a statute is typically limited to serious crimes as it gives the defense a legal foothold to explicitly claim that there was no intent on behalf of the defendant, and that they are therefore innocent. For example, first degree murder - the burden of proof is on the prosecution to prove that the murder was performed with intent to kill; if this cannot be proved, then the defendant can't be found guilty. That's on the legislative side of things...

Where intent comes into play more commonly is on the judicial side where a judge may, at their discretion,  derive a level of culpability based on the intent of the defendant.  In that case, intent certainly CAN have something to do with using public services depending on the scenario.  If nothing was actually "broken," the judge could still impose some level of sentence if they found the defendant intended to cause damage or break something.  

It is similar to the distinction between "assault" and "battery." You can be charged with assault simply by saying certain things to a person. Battery, of course, requires that you actually "harm" them (this can be verbal too). Though you might simply say something like "watch your back, you never know what might happen," if the judge considers it was your intent to actually threaten the person, you can be charged and found guilty of assault.

The only reason I bring this up again is that in this environment, intent can certainly be used against you. It is clear that the person posting that information "intended" to harm FPL. The law won't say "you *HAVE* to intend to do it to be guilty," but the law can say "*IF* you intend to do it you are guilty" much like assault. This is also where "reasonable and customary" comes into play.

Val always points out the "ignorance of the law is no excuse" angle, which is perfectly valid and true, but don't think that "not actually breaking anything" means that you are in the clear.

t


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
