Firewall Wizards mailing list archives
Re: Recent Attacks
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 18 Feb 2000 20:35:02 -0800 (PST)
On Fri, 18 Feb 2000, David LeBlanc wrote:
It is all a matter of usage. If I use a hammer to build a building, I get paid. If I use it to smash windshields, I get thrown in jail. There isn't any law against checking security of your own systems. There is a law against breaking into other people's systems. At least ISS made a good faith effort to keep the Scanner's licensing such that it at least slowed the crackers down for a while before they could use it. That's more than I can say for several other auditing tool vendors.
Then you think Mixter doesn't deserve punishment, or he does and ISS doesn't because IS is a "good" tool? A few other folks say Mixter deserves ...well, something.. they're not specific. We don't even know for sure his stuff was used. We also don't know the attacker didn't use IS to break into the zombie systems. I've used IS to break into other people's systems. It works real well.
This really has nothing to do that I can see with the current discussion.
If you advocate harsh penalties for malicious "hackers", and then you happen to get classified as one due to some idiotic legal wording, where does that leave you? My example is an attempt to personalize the situation for the readers of this list.
How about releasing the "firewall" toolkit full of holes?I have no idea what you're talking about. fwtk? ISS' 'firewall scanner' stuff?
That's a poke at marcus.
$100M each?I hope you're joking. If so, you should have put <g> liberally.
It should be obvious that I wouldn't seriously advocate an action against people who release tools of any sort, buggy or otherwise. However, say it was discovered that the attackers were using ISS's Internet Scanner. Let's say the feds get away with nailing him with 1.2B or more in damages. Wouldn't that leave a nice path open for suits against Mixter and ISS? Wouldn't 10% of the damages (or a little less) be a reasonable amount to nail them with? Especially ISS who actually has the money? Be careful about advocating huge amounts of damages, especially if you work in the security industry. There are a lot of scary laws up for vote right now, and not a lot of sympathy for anyone who wants to use the title "hacker" for anything. Ryan
Current thread:
- Re: Recent Attacks, (continued)
- Re: Recent Attacks Reverend Chris Cappuccio (Feb 17)
- Re: Recent Attacks Ge' Weijers (Feb 19)
- Re: Recent Attacks Malcolm Holser (Feb 17)
- Re: Recent Attacks Brad Van Orden (Feb 17)
- Re: Recent Attacks Philip J. Koenig (Feb 17)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 17)
- Re: Recent Attacks Philip J. Koenig (Feb 17)
- Re: Recent Attacks Ryan Russell (Feb 19)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 19)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 19)
- Re: Recent Attacks Ryan Russell (Feb 19)
- Re: Recent Attacks Philip J. Koenig (Feb 23)
- Message not available
- Re: Recent Attacks Marcus J. Ranum (Feb 19)
- Re: Recent Attacks Darren Reed (Feb 20)
- Message not available
- Re: Recent Attacks Marcus J. Ranum (Feb 20)
- Re: Recent Attacks Ryan Russell (Feb 21)
- Re: Recent Attacks Ryan Russell (Feb 23)
- Re: Recent Attacks Marcus J. Ranum (Feb 20)
- RE: Recent Attacks Chris Crozier (Feb 21)
- Re: Recent Attacks Claudio Telmon (Feb 24)
- Re: Recent Attacks Ryan Russell (Feb 21)