Bugtraq mailing list archives
Re: Major hack attack on the U.S. Senate
From: Crispin Cowan <crispin () immunix com>
Date: Sat, 24 Jan 2004 18:06:37 -0800
Kirk Spencer wrote:
Agreed this was not a "hack attack" as usually considered. However, I would raise two points. The first is simple - If someone starts reading files on a computer to which they are not supposed to have access, do we not consider this an attack? Even if the reason they got in is configuration errors?That would depend on the configuration error. In particular, if your "configuration error" was to publish a page to a web server where you didn't want people to read it, and the "attack" was just surfing URLs, or even manually editing the URLs, then I think you'd have a hard time making the case for "intrusion". In particular, you effectively offered the page for public viewing, so it breaks the notion of "not supposed to have access".
The problem is that the barrier of what an anonymous visitor is "supposed" to have access to is fuzzy. Then again, if it was not fuzzy, it would be relatively easy to secure, too.
Caveat: IANAL, so my opinion that the courts will decide this fuzzy issue in favor of whoever has the most money holds to weight :)
Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com Immunix 7.3 http://www.immunix.com/shop/
Current thread:
- Major hack attack on the U.S. Senate Richard M. Smith (Jan 22)
- Re: Major hack attack on the U.S. Senate ~Kevin DavisĀ³ (Jan 23)
- Re: Major hack attack on the U.S. Senate rsh (Jan 24)
- Re: Major hack attack on the U.S. Senate Kirk Spencer (Jan 24)
- Re: Major hack attack on the U.S. Senate Crispin Cowan (Jan 26)
- Re: Major hack attack on the U.S. Senate Daniel . Capo (Jan 24)
- Re: Major hack attack on the U.S. Senate Dinesh Nair (Jan 24)
- Re: Major hack attack on the U.S. Senate ed (Jan 24)
- Re: Major hack attack on the U.S. Senate ~Kevin DavisĀ³ (Jan 23)
- Re: Major hack attack on the U.S. Senate Brian C. Lane (Jan 23)
- Re: Major hack attack on the U.S. Senate Kevin Reardon (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate opticfiber (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate Jonathan A. Zdziarski (Jan 24)
- <Possible follow-ups>
- RE: Major hack attack on the U.S. Senate B. Kinney (Jan 24)
- Message not available
- RE: Major hack attack on the U.S. Senate bugtraq (Jan 24)
- Message not available