Bugtraq mailing list archives
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle
From: Duncan Simpson <dps () simpson demon co uk>
Date: Sun, 11 Nov 2007 21:26:51 +0000
I know this is obvious to everyone on bugtraq, but nobody seems to that told P.S.Ziegler yet. (He might or might not be aware of these facts). If the report is right and logs recoriding you connecting and obtaining an IP address are a concern then you should be terrified already. I suspect that I could reconstruct much of what you did online given access to all the asssociated logs. Getting an IP address from a DHCP server and using almost any other service whatsoever usually generates at least an IP address and timestamp. Bind 9 has logs, and they are on by default, so big brother might be able to deduce a lot just using your ISP's DNS logs. When I say that I got this spam from IP address X at time Y, and give full headers to back this up, most ISPs work out who was responsible and nuke their account. I do not think the "a virus sent that spam not me" or "nobody told me not to send spam" line is very effective. If you allowed a virus to send spam then the internet does not need your box. Period. The signal-to-noise logic probably does work, but I am not sure the legal angle does. If you were *deliberately* ran the software that acidently downloaded that kiddie porn the suggested angle might not work. A law requiring log data to be retained for 6 momths should be a major problem to enforce. Last time I think the UK mooted this it did not happen (disclaimer: this might have been a trial balloon designed to generate flak). My reaction at the ISP end was "OK, will you buy us the extra hardware required?" with the intention the answer would be "no" and the plan quietly killed. (Thinking that plain daft things will not be enacted is not always reliable, unfortunately). Of course the "hand over your keys" law is a lot less effective tbat the government thinks. If an hour has passed they can have my host private key then I no longer have one of the keys required. -- Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."
Current thread:
- Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 12)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Jan Newger (Nov 12)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Peter Conrad (Nov 13)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Duncan Simpson (Nov 13)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle Matt D. Harris (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle Florian Echtler (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Paul Wouters (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Valdis . Kletnieks (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Frank Guthausen (Nov 14)
- Re: Standing Up Against German Laws - Project HayNeedle Matt D. Harris (Nov 12)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Jan Newger (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle Stefano Zanero (Nov 13)