[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031001203210.GA57972@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: NINCOMPOOPERY OF MICROSOFT
IANAL and I only can reference law in the USA. YMMV.
Once upon a time, hackers were people who wanted to understand how things
worked. They were not criminals. The reason that they were not criminals
was that there were no laws passed that said that what they were doing
was against the law :)
A person cannot be accused of a crime unless there is a law in existence
that they can be accused of violating. Thus Congress set about creating
laws so that the judicial process would have laws to accuse people of
breaking.
Onel de Guzman basically got a "get out of jail free" card when he released
the Lovebug virus for the simple reason that the Phillipines did not at that
time have a law that made his actions criminal, therefore they could not
charge him with a crime. Needless to say that little oversight was changed
muy pronto.
Currently, in the USA it is illegal to attempt a connection or to connect
or to gain access or to modify any computer inside or outside of the USA
without the owner's permission or with the intent of doing harm. Yes,
Virginia, port scanning is a crime. Heck, if I telnet manually to
lists.netsys.com on port 25 and type in this message and *try* VRFY and
EXPN, I could be charged with a crime because that is not the way that
the SMTP service is used in practice (most people use automated MUAs) and
because it could be argued that my attempted use of VRFY and EXPN were
not "usual" and that therefore I must have been trying to do something
wrong or illegal. Whether or not what I did is illegal is a point of fact,
and has to be decided by a jury trial in a court of law.
Reality - the Federal Bureau of Investigation (FBI) likely will not even
make the effort to prosecute computer crimes that cannot be said to have
caused significant (like US$500,000) amounts of damage. It's just not
worth the time and resources for them to assign people to port scanning.
That's also why "...the pentagon reported that hackers attempted to
access critical infrastructure computers ten gazillion times last year..."
statements are a farce, because my nmap scan of 65,535 potential open
ports on their firewall doesn't count as 65,535 attempts to access
critical infrastructure - it's just a damned port scan. But, like
Halloween, it's easier to get money from people if you scare them first.
>-)
G
On or about 2003.10.01 22:06:46 +0000, Georgi Guninski (guninski@...inski.com) said:
> This user Bullmur should be carefull with the word "criminal".
>
> Question to the lawyers on the list:
> It is my understanding that "criminal" is someone who breaks the law.
> microsoft seem to have been found guilty by a court in the antitrust trial, so they seem to have broken the law.
>
> Are microsoft criminals from legal point of view?
>
> Or does justice work this way: if you deface a website, you are a criminal, but if you screw most of the internet you are a hero?
--
Gregory A. Gilliss, CISSP Telephone: 1 650 872 2420
Computer Engineering E-mail: greg@...liss.com
Computer Security ICQ: 123710561
Software Development WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists