Firewall Wizards mailing list archives
RE: Hackers and gateway systems
From: Matt Bruce <Matt.Bruce () alphawest com au>
Date: Mon, 1 Nov 1999 15:11:48 +0800
Hi all, AusCERT recommended standard login banners be changed because of this. The document is AA-93.03 "Suggested Login Banner" from 1993 (http://www.auscert.org.au/Information/Advisories/aus_1993.html). In summary, it was developed and recommended by the Commonwealth Director of Public Prosecutions, SERT (now AusCERT, I believe), the University of Sydney, the University of South Australia, and the Australia Federal Police because they were of the opinion that removing all welcome-style messages would "assist in prosecutions of computer crackers". I vaguely remember media reports around the early 1990s screaming in outrage at one or more crackers who got off because they argued that the welcome banner suggested that they were welcome to log in, or to attempt to log in. It could have been media hype or hypotheticals -- I can't remember. The Alert doesn't give a reference, legal instance or real example, so I think it was mostly a pre-emptive strike against computer crime here in Oz. Legal pro-activity -- something rare, even in this day and age, as I'm sure you'll agree. I checked various online legal resources (mainly http://www.austlii.edu.au/), but was unable to come up with an Australian case/trial on the matter. Anyone who has the time may like to check various online legal references for a trial/verdict. I popped an email to AusCERT asking for references today, but I'll have to wait until they get around to me. I'll forward any URLs as I get them. Cya, -- Matt Bruce <matt.bruce () alphawest com au> Internet & Security Engineer AlphaWest - http://www.alphawest.com.au/
-----Original Message----- From: Plymale, Cheryl [mailto:cheryl.Plymale () qwest com] Sent: Friday, October 29, 1999 4:14 AM Does anyone know of a court case where a hacker was exonerated in part because of "Welcome" was displayed on a gateway system?
Current thread:
- Re: Hackers and gateway systems Lance Spitzner (Nov 01)
- <Possible follow-ups>
- RE: Hackers and gateway systems Matt Bruce (Nov 01)
- Re: Hackers and gateway systems Steven M. Bellovin (Nov 01)
- Security urban legends Marcus J. Ranum (Nov 01)
- Re: Security urban legends Matt Curtin (Nov 05)
- Re: Security urban legends Adam Shostack (Nov 05)
- Security urban legends Marcus J. Ranum (Nov 01)
- Re: Hackers and gateway systems Alan Lustiger (Nov 02)