Re: Korea (was Re:?)

[stephen_winson () SNC-INC COM (Winson, Stephen)]

Definitely an ethical question.

If there is no legal notice at login then you can literally do anything you
want to the machine and you are free and clear.

If you do find yourself being given free access to someone's system in that
manner accidentally or intentionally and you're a jerk and use the situation
to your own advantage, then I sure wouldn't hire you, and no one I know
would either.

If you take the opportunity to inform the person who adminsiters the machine
that they have a gaping hole in their machine, I really don't see the
ethical dillema.  It should be an expectation, IMHO.  I thought the whole
idea everyone was supposed to be more secure, not just you and your world.

Stephen Winson

-----Original Message-----
From: JJ Gray [mailto:nexus () PATROL I-WAY CO UK]
Sent: Friday, January 28, 2000 5:17 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Korea (was RE: ?)

Hi folks,
    Hmmm, might possibly be an ethical question but it's not really a legal
one - if you are dropped straight to a prompt with no terms and conditions
of use, statements of authorised users only and the like then the chances of
legal action would be almost non-existant IMHO.   I don't see how connecting
to an internet visible computer & port is illegal in itself and the comment
on condoning cracking is a little harsh don't you think ?   Extrapolating
that argument would result in connecting to a web server on port 80 being
regarded as cracking ????   Where do you draw the line ?   I regularly see
in my firewall logs that various mailservers, DNS servers and the like are
pinging me - is this scanning ?   Is this legal ? *shrug*
I decide what I consider benign or aggressive behaviour on percieved intent,
not specific action.

Just my two penneth ;-)

Regards,
            JJ

Sed quis custodiet ipsos custodes ?

----- Original Message -----
From: Brooke, O'Neil <o'neil.brooke () LMCO COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Thursday, January 27, 2000 11:40 PM
Subject: Re: Korea (was RE: ?)

> > Well, while you're there, why don't you poke around and see if you can
find
> > out
> > who ownz that box?  Could be useful to know that...
> >
> > RGF
> >
> > Robert G. Ferrell
> > Internet Technologist
> > National Business Center, US DoI
> > Robert_G_Ferrell () nbc gov
>
> This is not a very ethical statement. Especially when you consider the
> email address you have used to send this message. Does the National
> Business Center condone 'cracking', when it is useful?