Open Source and information security mailing list archives
 
Message-ID: <41AE8A76.9060702@gmail.com>
From: krispykringle at gmail.com (KrispyKringle)
Subject: If Lycos can attack spammer sites, can we all start doing it?

n3td3v wrote:
> Could botnets actually become legal, as long as they only attack
> unsolicited mail, 

Not being a lawyer, I still think you've missed the point.

The defense Lycos is using is NOT that these are spammers' sites, so this
is somehow legal--it would not be. Vigilantism is never legal; you
would never be able to defend something that would otherwise be criminal
as legal simply because it is being done against a criminal. The defense
they are using is that it is a fundamental principle of the Internet
that one can visit a Web server, and that to visit the server many
times--even at risk of denying service--is not illegal.

The Computer Fraud and Abuse Act
(http://www.usdoj.gov/criminal/cybercrime/1030_new.html) forbids one to,
among other things, ``knowingly cause the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally cause damage without authorization, to a protected
computer,'' which pretty much covers viruses and other malware. This
would appear to apply to the Lycos software as well, given that it
``causes damage without authorization to a protected computer.'' So that
is the key point, one that has not, to my knowledge, been tested in court.

I'm actually unable to find anything more specific regarding DoS attacks
in the Computer Fraud and Abuse Act, but I don't know much more about
what laws govern these actions. The CFAA seems to be focussed on
unauthorized access, not denial of service.

Of course, there are also the civil common law issues, specifically
whether it is negligent of Lycos to distribute such a program.

IANAL.

