lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.44.0401241227520.7720-100000@keg.the7thbeer.com>
Date: Sat, 24 Jan 2004 12:32:11 -0800 (PST)
From: ed@...7thbeer.com
To: Dinesh Nair <dinesh@...haque.com>
Cc: Daniel.Capo@....net.br, <computerguy@....rr.com>,
	<BUGTRAQ@...urityfocus.com>
Subject: Re: Major hack attack on the U.S. Senate


> which begs the question, unless it was explicitly labelled as such, how
> would the accessor know that he was committing unauthorized access ?

Notice is not required to constitute an offense generally under the
criminal laws (there are exceptions elsewhere, but this is not one of
them) of the United States.  For example, trespass does not require you
show posting of "No Trespassing" signs.  Courts will generally hold one to
a reasonable person standard and consider the actus reus and
the mens rea of the defendant.  In other words, a judicial shaking of the
finger coupled with a "you should know better" is sufficient.  You do not
need to have a banner saying "Authorized users only" to "criminalize" the
act.  Similarly, lack of a banner does not "decriminalize" the act.

> this is quite similar to sites say, accidentally exporting windows or nfs
> shares out to the internet. a query of the server will return a mount
> request legitimate.

Nothing of the sort.  You may have other liability for accidentally
exporting an NFS or CIFS share to the net, but you do not negate criminal
liability for invasion of that share.  Yes, there are some exceptions
about areas of the public domain, but IIRC accidental sharing does not
constitute public domain.

-ed



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ