Full Disclosure mailing list archives
Re: NINCOMPOOPERY OF MICROSOFT
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Wed, 1 Oct 2003 13:32:10 -0700
IANAL and I only can reference law in the USA. YMMV. Once upon a time, hackers were people who wanted to understand how things worked. They were not criminals. The reason that they were not criminals was that there were no laws passed that said that what they were doing was against the law :) A person cannot be accused of a crime unless there is a law in existence that they can be accused of violating. Thus Congress set about creating laws so that the judicial process would have laws to accuse people of breaking. Onel de Guzman basically got a "get out of jail free" card when he released the Lovebug virus for the simple reason that the Phillipines did not at that time have a law that made his actions criminal, therefore they could not charge him with a crime. Needless to say that little oversight was changed muy pronto. Currently, in the USA it is illegal to attempt a connection or to connect or to gain access or to modify any computer inside or outside of the USA without the owner's permission or with the intent of doing harm. Yes, Virginia, port scanning is a crime. Heck, if I telnet manually to lists.netsys.com on port 25 and type in this message and *try* VRFY and EXPN, I could be charged with a crime because that is not the way that the SMTP service is used in practice (most people use automated MUAs) and because it could be argued that my attempted use of VRFY and EXPN were not "usual" and that therefore I must have been trying to do something wrong or illegal. Whether or not what I did is illegal is a point of fact, and has to be decided by a jury trial in a court of law. Reality - the Federal Bureau of Investigation (FBI) likely will not even make the effort to prosecute computer crimes that cannot be said to have caused significant (like US$500,000) amounts of damage. It's just not worth the time and resources for them to assign people to port scanning. That's also why "...the pentagon reported that hackers attempted to access critical infrastructure computers ten gazillion times last year..." statements are a farce, because my nmap scan of 65,535 potential open ports on their firewall doesn't count as 65,535 attempts to access critical infrastructure - it's just a damned port scan. But, like Halloween, it's easier to get money from people if you scare them first.
-)
G On or about 2003.10.01 22:06:46 +0000, Georgi Guninski (guninski () guninski com) said:
This user Bullmur should be carefull with the word "criminal". Question to the lawyers on the list: It is my understanding that "criminal" is someone who breaks the law. microsoft seem to have been found guilty by a court in the antitrust trial, so they seem to have broken the law. Are microsoft criminals from legal point of view? Or does justice work this way: if you deface a website, you are a criminal, but if you screw most of the internet you are a hero?
-- Gregory A. Gilliss, CISSP Telephone: 1 650 872 2420 Computer Engineering E-mail: greg () gilliss com Computer Security ICQ: 123710561 Software Development WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NINCOMPOOPERY OF MICROSOFT dhtml (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT Georgi Guninski (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT Joel R. Helgeson (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT Gregory A. Gilliss (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT madsaxon (Oct 01)
- RE: NINCOMPOOPERY OF MICROSOFT Brent Colflesh (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT Stormwalker (Oct 01)
- Re: NINCOMPOOPERY OF MICROSOFT Georgi Guninski (Oct 02)
- Re: NINCOMPOOPERY OF MICROSOFT Valdis . Kletnieks (Oct 02)
- Re: NINCOMPOOPERY OF MICROSOFT Georgi Guninski (Oct 01)