| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Sep 2008 22:19:55 -0700
From: "James Matthews" <nytrokiss@...il.com>
To: rholgstad <rholgstad@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [inbox] Re: Supporters urge halt to hacker's,
extradition to US
7 :p
On Sun, Sep 28, 2008 at 10:15 PM, rholgstad <rholgstad@...il.com> wrote:
> thanks for this amazing insight. you must be a 5 time cissp
>
> James Matthews wrote:
>
>> When you break into a system using an exploit there is a chance that the
>> shellcode will crash the system.
>>
>> On Sun, Sep 28, 2008 at 11:03 AM, Exibar <exibar@...lair.com <mailto:
>> exibar@...lair.com>> wrote:
>>
>> McKinnon did cause damage:
>>
>> "The charges include one incident - shortly after the attacks on
>> September
>> 11 2001 - which brought down a network of 300 computers at the
>> Earle naval
>> weapons station. Another raid apparently left 2,000 government
>> machines in
>> Washington inoperable."
>> http://www.guardian.co.uk/technology/2006/apr/28/hacking.security
>>
>> A message left by him on a system:
>>
>> "As part of his quest he left this message on an Army computer in
>> 2002:
>> "U.S. foreign policy is akin to government-sponsored terrorism these
>> days.... It was not a mistake that there was a huge security stand
>> down on
>> September 11 last year ... I am SOLO. I will continue to disrupt
>> at the
>> highest levels."
>> http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html (and
>> many
>> other sources with the same message)
>>
>> Sure sounds like a criminal that knows what he's doing, and is
>> doing it
>> willfully, doesn't it?
>>
>> Oh yah, and he's really only facing a fine and up to 10 years of
>> prison
>> time in the US... I guess things really are different translating
>> to the
>> metric system in the UK...
>> http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm
>>
>> Wondering what the maximum term in the UK is for the same crime?
>> Hold on
>> to your seat...
>> LIFE IN PRISON (see next paragraph)
>>
>> "As the Divisional Court itself pointed out (at para 34), the
>> gravity of the
>> offences alleged against the appellant should not be understated: the
>> equivalent domestic offences include an offence under section 12
>> of the
>> Aviation and Maritime Security Act 1990 for which the maximum
>> sentence is
>> life imprisonment."
>>
>> http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1
>> .htm
>> <
>> http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm
>> >
>> That link is a link to the very court brief itself on McKinnin's
>> appeal
>> in the UK...
>>
>> McKinnon should face the charges of computer crime that he's
>> facing. He
>> should, and will, be tried, either in the US or in the UK. But,
>> keep in
>> mind that it is the UK that will extradite him, and it is the UK
>> that has
>> ruled that he *should* be extradited for his crimes....
>>
>>
>> Ok, I'm done now :-)
>>
>> Exibar
>>
>>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> <mailto:full-disclosure-bounces@...ts.grok.org.uk>
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk
>> <mailto:full-disclosure-bounces@...ts.grok.org.uk>] On Behalf Of
>> Kyrian
>> Sent: Sunday, September 28, 2008 7:31 AM
>> To: full-disclosure@...ts.grok.org.uk
>> <mailto:full-disclosure@...ts.grok.org.uk>
>> Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to
>> hacker's,extradition to US
>>
>> full-disclosure-request@...ts.grok.org.uk
>> <mailto:full-disclosure-request@...ts.grok.org.uk> wrote:
>> >> "American officials involved in this case have stated that they
>> want
>> >> to see him 'fry'."-- BBC.
>> >>
>> [IANAL, correct me if I'm wrong, etc, but...]
>>
>> Yes, that's a large part of the problem.
>>
>> That courts *can* be bought (usually indirectly via already-bought
>> officials, or more nasty methods), and that government officials have
>> said the above makes it worse still.
>>
>> The thought that US law was apparently changed from requiring
>> damage to
>> systems to get a conviction to not requiring such damage, very
>> recently,
>> is another problem.
>>
>> The fact that neither the US or the UK (as far as I'm aware) actually
>> has a sane enough legal framework for this sort of thing, or enough
>> police (anyonewho's dealt with the UK's former "High Tech Crime Unit"
>> will know this), judges (there are many examples of judges being
>> "out of
>> touch" in their rulings), etc. who are actually aware enough of the
>> underlying technology to deal with it sensibly is another.
>>
>> I agree with whoever said that people should be extradited to the
>> country in which they caused damage, but not under circumstances like
>> these, and not when there is no agreed standard of law between the
>> country the person would be extradited from, and the one they
>> would go to.
>>
>> In the UK it still requires damage to be done for it to be a criminal
>> offense, and that does not seem set to change.
>>
>> That it is possible to cause damage to (badly managed) systems by
>> doing
>> absolutely nothing in a lot of circumstances (as I am finding right
>> now), that logs can be faked, and that the dividing line between
>> probes
>> versus actual hacking attempts is at times a very narrow one, there is
>> plenty of reason not to agree extradite Gary.
>>
>> That he's "autistic" is probably neither here nor there, I'm
>> afraid, as
>> it seems to be very common for people involved in computing the be
>> somewhere high on the autistic spectrum (even if they are not
>> 'officially' autistic). I have taken the test. I'm not telling, but I
>> know what I'm talking about.
>>
>> So, I shall be there, I won't be shouting or chanting, but I will be
>> there. I hope that the event is not hijacked by another purpose, and
>> that I do not get shot by the armed police at the US Embassy there (it
>> is a scarey looking place, which puts me on edge whenever I'm near).
>> Strangely I also find myself wondering if the staff there are
>> paying the
>> London congestion charge yet, rather than ignoring it...?
>>
>> Just my 2c, or so.
>>
>> K.
>>
>> --
>> Kev Green, aka Kyrian. E: kyrian@ore.org <http://ore.org> WWW:
>> http://kyrian.ore.org/
>> Linux/Security <http://kyrian.ore.org/Linux/Security>
>> Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
>> DJ via http://www.hellnoise.co.uk/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>> --
>> http://www.goldwatches.com/
>>
>> http://www.jewelerslounge.com/
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
--
http://www.goldwatches.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists