Firewall Wizards mailing list archives
Re: Response to door knocking
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 8 Feb 1999 12:08:53 -0500 (EST)
Mr. John McDermott proclaimed:
--- On Wed, 3 Feb 1999 21:00:02 +0100 Damir Rajnovic <Damir.Rajnovic () eurocert net> wrote:At 3:35 +0100 3/2/99, Robert Graham wrote:other sites. Thus, if I don't take "reasonable" measures against hackers, I can be sued. Consider a scenario where an unknown hacker broke into my site, then used it as a stepping stone to attack VICTIM. Now, the hacker remains unknown and the VICTIM is suing me. Gosh, wound't it have been nice to have gathered additional information that my forensics team and the police could have used to track down the hacker?If someone was using your machine without your knowledge you should be innocent.This is far from my understanding of current US law. If you are the "intermediate victim" of a relay attack, it is my understanding that you may be both civilly and criminally liable in the US. Can someone cite the relevent statute here? I don't have it handy.
Not a lawyer, don't know statutes, but I think the relevant two words in what you said are "may be" ... liable. In the case where the person left the site on the Internet with cracking tools and the root password plainly posted, I suspect a higher degree of negligence could be found than a person who practiced reasonable measures to secure it. However, US law is currently never clear on any point - it is all very case- dependent, as well as dependent on whom you can get to represent you in court. I suspect that the state would have to get creative about criminal law: the laws just aren't up to current technology. [Laws about stealing cows and cars may not apply to relayed breakins and possible alteration of data.] Civil lawsuits are where liability may be found. As I said, I'm not a lawyer. But anyone who replied to your "understanding" with an absolute yes or no probably isn't, either. ;-) -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: Response to door knocking, (continued)
- Re: Response to door knocking Paul D. Robertson (Feb 01)
- Re: Response to door knocking Amos Hayes (Feb 03)
- Re: Response to door knocking Chris Cappuccio (Feb 04)
- Re: Response to door knocking Paul D. Robertson (Feb 04)
- Re: Response to door knocking Amos Hayes (Feb 03)
- Re: Response to door knocking Damir Rajnovic (Feb 02)
- Re: Response to door knocking Robert Graham (Feb 03)
- Re: Response to door knocking Damir Rajnovic (Feb 04)
- Re: Response to door knocking Paul D. Robertson (Feb 04)
- RE: Response to door knocking Webb, Andy (Feb 04)
- Re: Response to door knocking John McDermott (Feb 06)
- Re: Response to door knocking Joseph S D Yao (Feb 08)
- Re: Response to door knocking JohnLNick (Feb 08)
- Re: Response to door knocking Paul D. Robertson (Feb 01)