| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: If Lycos can attack spammer sites, can we all start doing it? On Wed, 01 Dec 2004 22:22:30 EST, KrispyKringle said: > The Computer Fraud and Abuse Act > (http://www.usdoj.gov/criminal/cybercrime/1030_new.html) forbids one to, > among other things, ``knowingly cause the transmission of a program, > information, code, or command, and as a result of such conduct, > intentionally cause damage without authorization, to a protected > computer,'' which pretty much covers viruses and other malware. This > would appear to apply to the Lycos software as well, given that it > ``causes damage without authorization to a protected computer.'' So that > is the key point, one that has not, to my knowledge, been tested in court. The point that Lycos is probably betting on is the "causes damage". If their rate-limiting works, they're *NOT* actually causing a DDoS - if the site is still responding, claiming "damage to the computer" is quite the reach. Damage to the bandwidth bill from your provider - that's something else. Not sure that's a criminal offense, but I'd not be at all surprised if the ISP left holding the bag for the unpail bill (what - you think the spammer will actually pay for the bandwidth? ;) might go after Lycos on the "your actions cost me money" theory of civil tort. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041202/439af542/attachment.bin
Powered by blists - more mailing lists