Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US

From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Tue, 30 Sep 2008 17:03:07 -0400
Michael Krymson wrote:

Wow, this whole discussion with a troll has gone on far longer than it ever
should have.


So basically what you're saying is that we should all shut up and not
talk about an actual issue, and that trolls should be trolls and stay
away from discussion of actual issues?

Oh, I'm sorry, was that a straw man characterization? Were you saying
something subtly different? A lot of that going around.

n3td3v thinks that a server with passwords not set is fundamentally
different from an unlocked door. ("Can we get over houses, and cars,
this is the internet, the systems were PUBLIC DOMAIN.") I'd like to
see him defend that position.

But just in case you can't bring yourself to *believe* that it's a
defensible position, here's some food for thought:

SYN = May I come in.
SYN ACK = Sure.
ACK = OK, I'm coming in, in accordance with your wishes.

FIN (when server to client) = Time for you to leave.
FIN ACK (when client to server) = OK, I'm leaving.

RST (when server to client) = If you're in here then GTFO!

Once the three-way handshake is complete, the client is in the
server's house, and may go into any room (this is application-layer
now) not forbidden by a security mechanism or law of the land. One
would be hard pressed to argue that an authentication system without a
password set is a security mechanism.

Going through an open door into the bedroom may be impolite, and it
may incite bad feeling in the house's owner. But one would be
hard-pressed to say it would be illegal.

Is that a totally wrong analogy? Maybe. If it is, are we be sure it is
a wrong analogy, BEYOND REASONABLE DOUBT?

Again though, once you start leaving notes under the pillow in the
bedroom or opening a window to get in later, you've said GTFO to the
legal defensibility of your actions.

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: