| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <133827.1303051572@localhost>
Date: Sun, 17 Apr 2011 10:46:12 -0400
From: Valdis.Kletnieks@...edu
To: noloader@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Florida Power & Light Company (FPL) Fort
Sumner Wind turbine Control SCADA was HACKED
On Sun, 17 Apr 2011 07:39:58 EDT, Jeffrey Walton said:
> To pay devil's advocate here: FPL placed those hosts on a public internet.
> In addition, FPL also configured the hosts to advertise services. If FPL did
> not want the services accessed, the company would have removed the hosts
> from the public internet, shut down the services, or used leased [private]
> lines. Where's the leap to a criminal offense?
You're welcome to go ahead and break into a house, and use the excuse "but the
door facing the street was unlocked". Let is know if the judge is amused.
Most of the applicable statutes are worded in such a way that the "but it was
wide open and unsecured" claim won't do any good, as they are phrased in terms
of "exceeding authorized access". You go in knowing you don't have an
authorized access code, you're screwed. Oh, and many of the statutes *do not*
include "intent" in them. So whether you're a black hat doing something evil,
or a white hat investigating so you can tell them they have a problem, you're
still in trouble.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists