lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120112164615.6171d451@d-172-27-99-46.bootp.virginia.edu>
Date: Thu, 12 Jan 2012 16:46:15 -0500
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Rate Stratfor's Incident Response

On Thu, 12 Jan 2012 16:06:53 -0500
Valdis.Kletnieks@...edu wrote:

> On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said:
> 
> > Really, calling it "breaking in" is a stretch.  You connected a
> > computer to a publicly accessible computer network, where anyone can
> > send anything to your computer.  If hacking such a system is
> > "breaking in," you might as well claim that shouting across your
> > neighbor's yard is "breaking in."
> 
> Bad analogy.  Closer would be if you have a house that's got a
> driveway on a public street, and you claim it's not breaking and
> entering if you walk up the driveway, try the doorknob, find it
> unlocked, and let yourself in without the permission of the
> residents.  Saying that "anybody could walk up and let themselves in
> the door" doesn't make it legal.

Would you say that we should arrest the person who walks into the
house, takes a picture of themselves standing next to an expensive
television and leaves the picture next to a note that says "your door
was unlocked?"

Really though, it is still a terrible analogy.  You can disconnect a
computer from the Internet; you cannot disconnect a building from a
street.  A hacker in a foreign country might be attacking your computer
system from that country, and could be outside the jurisdiction of any
relevant law enforcement agency; a person who breaks into a building is
committing a crime in whatever jurisdiction the building is in.

Analogies are nice and they help non-technical folks understand what
is going on, but let's not get carried away with them. Someone who
attacks a computer system over the Internet (or any other network) is
sending unwanted/malicious messages.  This is not the same as physically
breaking into a building, locker, or computer. It may be illegal, but
it is still very different from other crimes.  If anything, the closest
type of criminal would be a con man, which seems fitting given how many
of today's attacks have an element of social engineering.

-- Ben


-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ