lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031001203210.GA57972@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: NINCOMPOOPERY OF MICROSOFT

IANAL and I only can reference law in the USA. YMMV.

Once upon a time, hackers were people who wanted to understand how things 
worked. They were not criminals. The reason that they were not criminals
was that there were no laws passed that said that what they were doing
was against the law :)

A person cannot be accused of a crime unless there is a law in existence
that they can be accused of violating. Thus Congress set about creating
laws so that the judicial process would have laws to accuse people of
breaking.

Onel de Guzman basically got a "get out of jail free" card when he released 
the Lovebug virus for the simple reason that the Phillipines did not at that
time have a law that made his actions criminal, therefore they could not
charge him with a crime. Needless to say that little oversight was changed
muy pronto.

Currently, in the USA it is illegal to attempt a connection or to connect
or to gain access or to modify any computer inside or outside of the USA
without the owner's permission or with the intent of doing harm. Yes,
Virginia, port scanning is a crime.  Heck, if I telnet manually to
lists.netsys.com on port 25 and type in this message and *try* VRFY and 
EXPN, I could be charged with a crime because that is not the way that
the SMTP service is used in practice (most people use automated MUAs) and
because it could be argued that my attempted use of VRFY and EXPN were
not "usual" and that therefore I must have been trying to do something
wrong or illegal. Whether or not what I did is illegal is a point of fact,
and has to be decided by a jury trial in a court of law.

Reality - the Federal Bureau of Investigation (FBI) likely will not even
make the effort to prosecute computer crimes that cannot be said to have
caused significant (like US$500,000) amounts of damage. It's just not
worth the time and resources for them to assign people to port scanning.
That's also why "...the pentagon reported that hackers attempted to 
access critical infrastructure computers ten gazillion times last year..."
statements are a farce, because my nmap scan of 65,535 potential open
ports on their firewall doesn't count as 65,535 attempts to access
critical infrastructure - it's just a damned port scan. But, like 
Halloween, it's easier to get money from people if you scare them first.

>-)

G

On or about 2003.10.01 22:06:46 +0000, Georgi Guninski (guninski@...inski.com) said:

> This user Bullmur should be carefull with the word "criminal".
> 
> Question to the lawyers on the list:
> It is my understanding that "criminal" is someone who breaks the law.
> microsoft seem to have been found guilty by a court in the antitrust trial, so they seem to have broken the law.
> 
> Are microsoft criminals from legal point of view?
> 
> Or does justice work this way: if you deface a website, you are a criminal, but if you screw most of the internet you are a hero?

-- 
Gregory A. Gilliss, CISSP                             Telephone: 1 650 872 2420
Computer Engineering                                   E-mail: greg@...liss.com
Computer Security                                                ICQ: 123710561
Software Development                          WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ