| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Jan 2004 12:32:11 -0800 (PST) From: ed@...7thbeer.com To: Dinesh Nair <dinesh@...haque.com> Cc: Daniel.Capo@....net.br, <computerguy@....rr.com>, <BUGTRAQ@...urityfocus.com> Subject: Re: Major hack attack on the U.S. Senate > which begs the question, unless it was explicitly labelled as such, how > would the accessor know that he was committing unauthorized access ? Notice is not required to constitute an offense generally under the criminal laws (there are exceptions elsewhere, but this is not one of them) of the United States. For example, trespass does not require you show posting of "No Trespassing" signs. Courts will generally hold one to a reasonable person standard and consider the actus reus and the mens rea of the defendant. In other words, a judicial shaking of the finger coupled with a "you should know better" is sufficient. You do not need to have a banner saying "Authorized users only" to "criminalize" the act. Similarly, lack of a banner does not "decriminalize" the act. > this is quite similar to sites say, accidentally exporting windows or nfs > shares out to the internet. a query of the server will return a mount > request legitimate. Nothing of the sort. You may have other liability for accidentally exporting an NFS or CIFS share to the net, but you do not negate criminal liability for invasion of that share. Yes, there are some exceptions about areas of the public domain, but IIRC accidental sharing does not constitute public domain. -ed
Powered by blists - more mailing lists